Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Brokercap Bifrost vulnerable to authentication bypass for admin and monitor user groups
Vulnerability Description
Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With: XMLHttpRequest field in the request header. This issue has been patched in 1.8.8-release. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
Bifrost 授权问题漏洞
Vulnerability Description
Bifrost是brokercap个人开发者的面向生产环境的用于将MySQL,MariaDB同步到Redis,ClickHouse,Elasticsearch等服务的异构中间件。 Bifrost 1.8.8之前版本存在安全漏洞。攻击者利用该漏洞通过删除请求头中的X-Requested-With:XMLHttpRequest字段,在管理员和监控器用户组中会绕过身份验证。
CVSS Information
N/A
Vulnerability Type
N/A