The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don't honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnormal behavior only applies to per-group-based JIT MFA. Other MFA setup types, such as Immediate MFA, JIT MFA on a per-plugin basis and JIT MFA on a per-account basis are not affected. This issue has been patched in version 3.14.15.
{
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-306"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/45xxx/CVE-2023-45140.json"
}{
"extracted_events": [
{
"introduced": "3.0.0"
},
{
"last_affected": "3.14.0"
},
{
"introduced": "0"
},
{
"fixed": "3.14.15"
}
],
"cpe": "cpe:2.3:a:ovh:the-bastion:*:*:*:*:*:*:*:*",
"source": [
"AFFECTED_FIELD",
"CPE_RANGE",
"REFERENCES"
]
}