4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.0%
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don’t honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnormal behavior only applies to per-group-based JIT MFA. Other MFA setup types, such as Immediate MFA, JIT MFA on a per-plugin basis and JIT MFA on a per-account basis are not affected. This issue has been patched in version 3.14.15.
Vendor | Product | Version | CPE |
---|---|---|---|
ovh | the\-bastion | * | cpe:2.3:a:ovh:the\-bastion:*:*:*:*:*:*:*:* |
[
{
"vendor": "ovh",
"product": "the-bastion",
"versions": [
{
"version": ">= 3.0.0, <= 3.14.0",
"status": "affected"
}
]
}
]
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.0%