CVE-2023-45140

Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 08/11/2023 Updated: 16/11/2023

CVSS v3 Base Score: 4.6 | Impact Score: 2.5 | Exploitability Score: 2.1

VMScore: 0

The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don't honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnormal behavior only applies to per-group-based JIT MFA. Other MFA setup types, such as Immediate MFA, JIT MFA on a per-plugin basis and JIT MFA on a per-account basis are not affected. This issue has been patched in version 3.14.15.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ovh the-bastion

CWE-306 https://github.com/ovh/the-bastion/security/advisories/GHSA-pr4q-w883-pf5x https://github.com/ovh/the-bastion/releases/tag/v3.14.15 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-45140

Vulnerability Summary

References

Vulmon Search

About

Products

Connect