How severe is CVE-2023-45140?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2023-45140?

This is classified as CWE-306, which is a common weakness in software security.

CVE-2023-45140 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don't honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnormal behavior only applies to per-group-based JIT MFA. Other MFA setup types, such as Immediate MFA, JIT MFA on a per-plugin basis and JIT MFA on a per-account basis are not affected. This issue has been patched in version 3.14.15.

Related Vulnerabilities

CVE-2017-2708

MEDIUM

CVSS:4.6(Medium)

The 'Find Phone' function in Nice smartphones with software versions earlier before Nice-AL00C00B0135 has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory reset...

CWE-3062017

CVE-2020-25048

MEDIUM

CVSS:4.6(Medium)

An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Sam...

CWE-3062020

CVE-2020-27902

MEDIUM

CVSS:4.6(Medium)

An authentication issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2. A person with physical access to an iOS device may be able to access stored passw...

CWE-3062020

CVE-2022-3312

MEDIUM

CVSS:4.6(Medium)

Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a local attacker to bypass managed device restrictions via physical access to the device. ...

CWE-3062022

CVE-2024-35342

MEDIUM

CVSS:4.6(Medium)

Certain Anpviz products allow unauthenticated users to modify or disable camera related settings such as microphone volume, speaker volume, LED lighting, NTP, motion detection, etc. This affects IPC-D...

CWE-3062024

CVE-2022-3327

MEDIUM

CVSS:4.5(Medium)

Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6.

CWE-3062022