CWE-322
Key Exchange without Entity Authentication
The product performs a key exchange with an actor without verifying the identity of that actor.
CVE-2024-4871 (GCVE-0-2024-4871)
Vulnerability from cvelistv5
Published
2024-05-14 14:27
Modified
2025-09-18 10:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-322 - Key Exchange without Entity Authentication
Summary
A vulnerability was found in Satellite. When running a remote execution job on a host, the host's SSH key is not being checked. When the key changes, the Satellite still connects it because it uses "-o StrictHostKeyChecking=no". This flaw can lead to a man-in-the-middle attack (MITM), denial of service, leaking of secrets the remote execution job contains, or other issues that may arise from the attacker's ability to forge an SSH key. This issue does not directly allow unauthorized remote execution on the Satellite, although it can leak secrets that may lead to it.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHBA-2024:4589 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2024-4871 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2278627 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 3.9.1.8 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4871",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T19:16:11.335337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T16:32:46.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:55:10.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-4871"
},
{
"name": "RHBZ#2278627",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278627"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/theforeman/foreman",
"packageName": "foreman",
"versions": [
{
"status": "affected",
"version": "3.9.1.8"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.15::el8",
"cpe:/a:redhat:satellite_utils:6.15::el8",
"cpe:/a:redhat:satellite:6.15::el8"
],
"defaultStatus": "affected",
"packageName": "candlepin",
"product": "Red Hat Satellite 6.15 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.3.14-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.15::el8",
"cpe:/a:redhat:satellite_utils:6.15::el8",
"cpe:/a:redhat:satellite:6.15::el8"
],
"defaultStatus": "affected",
"packageName": "foreman",
"product": "Red Hat Satellite 6.15 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.9.1.8-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.15::el8",
"cpe:/a:redhat:satellite_utils:6.15::el8",
"cpe:/a:redhat:satellite:6.15::el8"
],
"defaultStatus": "affected",
"packageName": "foreman-installer",
"product": "Red Hat Satellite 6.15 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:3.9.3.2-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.15::el8",
"cpe:/a:redhat:satellite_utils:6.15::el8",
"cpe:/a:redhat:satellite:6.15::el8"
],
"defaultStatus": "affected",
"packageName": "python-pulp-container",
"product": "Red Hat Satellite 6.15 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.16.9-1.el8pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.15::el8",
"cpe:/a:redhat:satellite_utils:6.15::el8",
"cpe:/a:redhat:satellite:6.15::el8"
],
"defaultStatus": "affected",
"packageName": "python-pulpcore",
"product": "Red Hat Satellite 6.15 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.39.15-1.el8pc",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.15::el8",
"cpe:/a:redhat:satellite_utils:6.15::el8",
"cpe:/a:redhat:satellite:6.15::el8"
],
"defaultStatus": "affected",
"packageName": "rubygem-dynflow",
"product": "Red Hat Satellite 6.15 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.8.3-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.15::el8",
"cpe:/a:redhat:satellite_utils:6.15::el8",
"cpe:/a:redhat:satellite:6.15::el8"
],
"defaultStatus": "affected",
"packageName": "rubygem-foreman_ansible",
"product": "Red Hat Satellite 6.15 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:13.0.6-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.15::el8",
"cpe:/a:redhat:satellite_utils:6.15::el8",
"cpe:/a:redhat:satellite:6.15::el8"
],
"defaultStatus": "affected",
"packageName": "rubygem-foreman_remote_execution",
"product": "Red Hat Satellite 6.15 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:12.0.7-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.15::el8",
"cpe:/a:redhat:satellite_utils:6.15::el8",
"cpe:/a:redhat:satellite:6.15::el8"
],
"defaultStatus": "affected",
"packageName": "rubygem-katello",
"product": "Red Hat Satellite 6.15 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.11.0.15-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.15::el8",
"cpe:/a:redhat:satellite_utils:6.15::el8",
"cpe:/a:redhat:satellite:6.15::el8"
],
"defaultStatus": "affected",
"packageName": "rubygem-smart_proxy_container_gateway",
"product": "Red Hat Satellite 6.15 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.0.0-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.15::el8",
"cpe:/a:redhat:satellite_utils:6.15::el8",
"cpe:/a:redhat:satellite:6.15::el8"
],
"defaultStatus": "affected",
"packageName": "rubygem-smart_proxy_remote_execution_ssh",
"product": "Red Hat Satellite 6.15 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.10.6-1.el8sat",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite_capsule:6.15::el8",
"cpe:/a:redhat:satellite_utils:6.15::el8",
"cpe:/a:redhat:satellite:6.15::el8"
],
"defaultStatus": "affected",
"packageName": "satellite",
"product": "Red Hat Satellite 6.15 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:6.15.2-1.el8sat",
"versionType": "rpm"
}
]
}
],
"datePublic": "2024-05-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Satellite. When running a remote execution job on a host, the host\u0027s SSH key is not being checked. When the key changes, the Satellite still connects it because it uses \"-o StrictHostKeyChecking=no\". This flaw can lead to a man-in-the-middle attack (MITM), denial of service, leaking of secrets the remote execution job contains, or other issues that may arise from the attacker\u0027s ability to forge an SSH key. This issue does not directly allow unauthorized remote execution on the Satellite, although it can leak secrets that may lead to it."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-322",
"description": "Key Exchange without Entity Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T10:21:37.640Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHBA-2024:4589",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2024:4589"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-4871"
},
{
"name": "RHBZ#2278627",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278627"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-02T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-05-14T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Foreman: host ssh key not being checked in remote execution",
"workarounds": [
{
"lang": "en",
"value": "Currently there is no mitigation available for this vulnerability. Please perform the necessary updates as they become available."
}
],
"x_redhatCweChain": "CWE-322: Key Exchange without Entity Authentication"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-4871",
"datePublished": "2024-05-14T14:27:41.323Z",
"dateReserved": "2024-05-14T14:03:36.786Z",
"dateUpdated": "2025-09-18T10:21:37.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54422 (GCVE-0-2025-54422)
Vulnerability from cvelistv5
Published
2025-07-29 12:47
Modified
2025-07-29 13:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory, exposing them to potential interception. The vulnerability is particularly severe during password modification operations, where both old and new passwords are passed as plaintext command-line arguments to the Imbox process without any encryption or obfuscation. This implementation flaw allows any process within the user session, including unprivileged processes, to retrieve these sensitive credentials by reading the command-line arguments, thereby bypassing standard privilege requirements and creating a significant security risk. This is fixed in version 1.16.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-jp7r-vgv9-43p7 | x_refsource_CONFIRM | |
| https://github.com/sandboxie-plus/Sandboxie/commit/d107d5743880da28e782c1771b5246b2a512989a | x_refsource_MISC | |
| https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.16.2 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| sandboxie-plus | Sandboxie |
Version: < 1.16.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54422",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T13:29:53.514945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T13:29:56.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-jp7r-vgv9-43p7"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Sandboxie",
"vendor": "sandboxie-plus",
"versions": [
{
"status": "affected",
"version": "\u003c 1.16.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory, exposing them to potential interception. The vulnerability is particularly severe during password modification operations, where both old and new passwords are passed as plaintext command-line arguments to the Imbox process without any encryption or obfuscation. This implementation flaw allows any process within the user session, including unprivileged processes, to retrieve these sensitive credentials by reading the command-line arguments, thereby bypassing standard privilege requirements and creating a significant security risk. This is fixed in version 1.16.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-322",
"description": "CWE-322: Key Exchange without Entity Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T12:47:50.414Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-jp7r-vgv9-43p7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-jp7r-vgv9-43p7"
},
{
"name": "https://github.com/sandboxie-plus/Sandboxie/commit/d107d5743880da28e782c1771b5246b2a512989a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sandboxie-plus/Sandboxie/commit/d107d5743880da28e782c1771b5246b2a512989a"
},
{
"name": "https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.16.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.16.2"
}
],
"source": {
"advisory": "GHSA-jp7r-vgv9-43p7",
"discovery": "UNKNOWN"
},
"title": "Sandboxie exposes encrypted sandbox key during password change"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54422",
"datePublished": "2025-07-29T12:47:50.414Z",
"dateReserved": "2025-07-21T23:18:10.281Z",
"dateUpdated": "2025-07-29T13:29:56.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Ensure that proper authentication is included in the system design.
Mitigation
Phase: Implementation
Description:
- Understand and properly implement all checks necessary to ensure the identity of entities involved in encrypted communications.
No CAPEC attack patterns related to this CWE.