Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:28 a.m.10 views

CVE-2023-45140

The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don't honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnorm...

4.8CVSS6.8AI score0.00387EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/11/08 3:26 p.m.10 views

CVE-2023-45140 Group-based JIT MFA bypass on scp and sftp in The Bastion

The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don't honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnorm...

4.8CVSS6.8AI score0.00387EPSS
Exploits0References2
CVE
CVE
added 2023/11/08 3:26 p.m.48 views

CVE-2023-45140

CVE-2023-45140 describes a bypass in The Bastion where SCP/SFTP plugins do not honor group-based JIT MFA, allowing a group access with MFA enforced to establish a connection without an extra factor. This affects per-group-based JIT MFA; Immediate MFA, per-plugin JIT MFA, and per-account JIT MFA a...

4.8CVSS4.7AI score0.00387EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/11/08 3:26 p.m.29 views

CVE-2023-45140 Group-based JIT MFA bypass on scp and sftp in The Bastion

The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don't honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnorm...

4.8CVSS5.4AI score0.00387EPSS
Exploits0References2
Rows per page
Query Builder