GHSA-p6fh-xc6r-g5hw

Source
https://github.com/advisories/GHSA-p6fh-xc6r-g5hw
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-p6fh-xc6r-g5hw/GHSA-p6fh-xc6r-g5hw.json
Aliases
Published
2022-09-27T15:45:09Z
Modified
2023-11-08T04:10:15.306992Z
Details

Bifrost is a middleware package that synchronizes MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to an authentication bypass when HTTP basic authentication is used. This may allow group members who have only read permissions to send write requests that they are normally forbidden from making. Version 1.8.7-release contains a patch. There are currently no known workarounds.

References

Affected packages

Go / github.com/brokercap/Bifrost

Affected ranges

Type
SEMVER
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
1.8.7-release

Database specific

{
    "last_known_affected_version_range": "<= 1.8.6-release"
}