Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Group-based JIT MFA bypass on scp and sftp in The Bastion
Vulnerability Description
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don't honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnormal behavior only applies to per-group-based JIT MFA. Other MFA setup types, such as Immediate MFA, JIT MFA on a per-plugin basis and JIT MFA on a per-account basis are not affected. This issue has been patched in version 3.14.15.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Bastion 访问控制错误漏洞
Vulnerability Description
Bastion是一组机器,用作操作团队的唯一入口点,以安全地连接到设备。 Bastion 3.0.0 到3.14.0版本存在访问控制错误漏洞,该漏洞源于 MFA 的组或个人可以强制通过 Bastion 建立 SCP/SFTP 连接不需要额外因素, SSH 访问不受影响。
CVSS Information
N/A
Vulnerability Type
N/A