Home > Vulnerability Database > CVE-2022-39219

Mend.io Vulnerability Database

CVE-2022-39219

Good to know:

Date: September 26, 2022

Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who only have read permissions to write requests when they are normally forbidden from doing so. Version 1.8.7-release contains a patch. There are currently no known workarounds.

Language: Go

Severity Score

8.5

Related Resources (6)

Url: https://github.com/brokercap/Bifrost/issues/200

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-39219

Url: https://github.com/brokercap/Bifrost/releases/tag/v1.8.7-release

Url: https://github.com/brokercap/Bifrost

Url: https://github.com/brokercap/Bifrost/security/advisories/GHSA-p6fh-xc6r-g5hw

Url: https://www.mend.io/vulnerability-database/CVE-2022-39219

Severity Score

8.5

Weakness Type (CWE)

Authentication Issues

CWE-287

Incorrect Permission Assignment for Critical Resource

CWE-732

Top Fix

Upgrade Version

Upgrade to version v1.8.7-release

Learn More

CVSS v3.1

Base Score:	8.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2022-39219

Good to know:

Date: September 26, 2022

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?