2 vulnerabilities by ovh
CVE-2025-59339 (GCVE-0-2025-59339)
Vulnerability from cvelistv5 – Published: 2025-09-17 17:50 – Updated: 2025-09-17 18:09
Title
The Bastion ttyrec files are not signed after encryption by the osh-encrypt-rsync script
Summary
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files may be handled by the provided osh-encrypt-rsync script, a helper that periodically rotates, encrypts, signs, copies, and optionally moves them to remote storage, if configured to do so. When running, the script properly rotates and encrypts the files using the provided GPG key(s), but silently fails to sign them, even if asked to.
Severity
4.4 (Medium)
CWE
- CWE-325 - Missing Cryptographic Step
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/ovh/the-bastion/security/advis… | x_refsource_CONFIRM |
| https://github.com/ovh/the-bastion/commit/9bc85ec… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| ovh | the-bastion | Affected: < 3.22.00 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59339",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-17T18:08:36.241076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T18:09:55.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "the-bastion",
"vendor": "ovh",
"versions": [
{
"status": "affected",
"version": "\u003c 3.22.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files, may be handled by the provided osh-encrypt-rsync script that is a helper to rotate, encrypt, sign, copy, and optionally move them to a remote storage periodically, if configured to. When running, the script properly rotates and encrypts the files using the provided GPG key(s), but silently fails to sign them, even if asked to."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-325",
"description": "CWE-325: Missing Cryptographic Step",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T17:50:34.877Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ovh/the-bastion/security/advisories/GHSA-h66q-g57p-rgg6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ovh/the-bastion/security/advisories/GHSA-h66q-g57p-rgg6"
},
{
"name": "https://github.com/ovh/the-bastion/commit/9bc85ec3f4b724f903773ba64909777c4826a13f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ovh/the-bastion/commit/9bc85ec3f4b724f903773ba64909777c4826a13f"
}
],
"source": {
"advisory": "GHSA-h66q-g57p-rgg6",
"discovery": "UNKNOWN"
},
"title": "The Bastion ttyrec files are not signed after encryption by the osh-encrypt-rsync script"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59339",
"datePublished": "2025-09-17T17:50:34.877Z",
"dateReserved": "2025-09-12T12:36:24.635Z",
"dateUpdated": "2025-09-17T18:09:55.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45140 (GCVE-0-2023-45140)
Vulnerability from cvelistv5 – Published: 2023-11-08 15:26 – Updated: 2024-09-12 19:10
Title
Group-based JIT MFA bypass on scp and sftp in The Bastion
Summary
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don't honor group-based JIT MFA. Establishing an SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for an additional factor. This abnormal behavior only applies to per-group-based JIT MFA. Other MFA setup types, such as Immediate MFA, JIT MFA on a per-plugin basis and JIT MFA on a per-account basis, are not affected. This issue has been patched in version 3.14.15.
Severity
4.8 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/ovh/the-bastion/security/advis… | x_refsource_CONFIRM |
| https://github.com/ovh/the-bastion/releases/tag/v… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| ovh | the-bastion | Affected: >= 3.0.0, <= 3.14.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ovh/the-bastion/security/advisories/GHSA-pr4q-w883-pf5x",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ovh/the-bastion/security/advisories/GHSA-pr4q-w883-pf5x"
},
{
"name": "https://github.com/ovh/the-bastion/releases/tag/v3.14.15",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ovh/the-bastion/releases/tag/v3.14.15"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T14:25:53.100320Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T19:10:42.145Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "the-bastion",
"vendor": "ovh",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c= 3.14.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don\u0027t honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnormal behavior only applies to per-group-based JIT MFA. Other MFA setup types, such as Immediate MFA, JIT MFA on a per-plugin basis and JIT MFA on a per-account basis are not affected. This issue has been patched in version 3.14.15."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-08T15:26:26.584Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ovh/the-bastion/security/advisories/GHSA-pr4q-w883-pf5x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ovh/the-bastion/security/advisories/GHSA-pr4q-w883-pf5x"
},
{
"name": "https://github.com/ovh/the-bastion/releases/tag/v3.14.15",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ovh/the-bastion/releases/tag/v3.14.15"
}
],
"source": {
"advisory": "GHSA-pr4q-w883-pf5x",
"discovery": "UNKNOWN"
},
"title": "Group-based JIT MFA bypass on scp and sftp in The Bastion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45140",
"datePublished": "2023-11-08T15:26:26.584Z",
"dateReserved": "2023-10-04T16:02:46.329Z",
"dateUpdated": "2024-09-12T19:10:42.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}