The Bastion ttyrec files are not signed after encryption by...

4.4 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Description

The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files, may be handled by the provided osh-encrypt-rsync script that is a helper to rotate, encrypt, sign, copy, and optionally move them to a remote storage periodically, if configured to. When running, the script properly rotates and encrypts the files using the provided GPG key(s), but silently fails to sign them, even if asked to.

Basic Information

ID CVE-2025-59339

Source GitHub_M

Published Sep 17, 2025 at 17:50

Modified Sep 17, 2025 at 18:09

Affected Product

Vendor ovh

Product the-bastion

Version < 3.22.00

Affected Versions ovh the-bastion < 3.22.00

CWE Classification

CWE-325

References

{
    "lastseen": "",
    "description": "The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files, may be handled by the provided osh-encrypt-rsync script that is a helper to rotate, encrypt, sign, copy, and optionally move them to a remote storage periodically, if configured to. When running, the script properly rotates and encrypts the files using the provided GPG key(s), but silently fails to sign them, even if asked to.",
    "published": "2025-09-17T17:50:34.877Z",
    "modified": "2025-09-17T18:09:55.732Z",
    "type": "cve",
    "title": "The Bastion ttyrec files are not signed after encryption by the osh-encrypt-rsync script",
    "source": "GitHub_M",
    "references": "https://github.com/ovh/the-bastion/security/advisories/GHSA-h66q-g57p-rgg6\nhttps://github.com/ovh/the-bastion/commit/9bc85ec3f4b724f903773ba64909777c4826a13f",
    "id": "CVE-2025-59339",
    "bulletinFamily": "",
    "cwe": [
        "CWE-325"
    ],
    "cvelist": null,
    "sourceData": "ovh the-bastion < 3.22.00",
    "sourceHref": "",
    "cvss": {
        "score": 4.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "the-bastion",
    "version": "< 3.22.00",
    "vendor": "ovh",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

The Bastion ttyrec files are not signed after encryption by the osh-encrypt-rsync script_CVE-2025-59339