PT-2022-24818 · Mariadb+1

Tarihub · Published 2022-09-26 · Updated 2024-08-21 · CVE-2022-39219

CVSS v3.1: 8.5 High

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L

Name of the Vulnerable Software and Affected Versions: Bifrost versions 1.8.6-release and prior

Description: Bifrost is a middleware package that synchronizes MySQL/MariaDB binlog data to other types of databases. Due to an authentication bypass when using HTTP basic authentication, group members with only read permissions can submit write requests that they are normally forbidden from making.

Recommendations: For versions 1.8.6-release and prior, update to version 1.8.7-release to resolve the issue. As a temporary workaround, consider disabling HTTP basic authentication until a patch is applied. Restrict access to sensitive data to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Improper Authentication
Incorrect Permission

Related Identifiers

CVE-2022-39219
GHSA-P6FH-XC6R-G5HW
GO-2022-1023

Affected Products

Mariadb
Mysql Server