CWE-322
AllowedKey Exchange without Entity Authentication
Abstraction: Base · Status: Draft
The product performs a key exchange with an actor without verifying the identity of that actor.
42 vulnerabilities reference this CWE, most recent first.
GHSA-VW6G-9HPF-V3CQ
Vulnerability from github – Published: 2026-07-13 18:30 – Updated: 2026-07-14 03:31The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server (man-in-the-middle), capturing the SSH deploy key or injecting malicious repository content. Deployments that use the Git DAG bundle or Git provider to clone over SSH with a deploy key are affected. The fix changes the default to verify host keys; upgrade to apache-airflow-providers-git 0.4.1 or later and configure a known_hosts file.
{
"affected": [],
"aliases": [
"CVE-2026-58065"
],
"database_specific": {
"cwe_ids": [
"CWE-322"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-13T16:16:41Z",
"severity": "HIGH"
},
"details": "The Apache Airflow Git provider runs its git-over-SSH operations with `StrictHostKeyChecking=no` by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server (man-in-the-middle), capturing the SSH deploy key or injecting malicious repository content. Deployments that use the Git DAG bundle or Git provider to clone over SSH with a deploy key are affected. The fix changes the default to verify host keys; upgrade to apache-airflow-providers-git `0.4.1` or later and configure a `known_hosts` file.",
"id": "GHSA-vw6g-9hpf-v3cq",
"modified": "2026-07-14T03:31:34Z",
"published": "2026-07-13T18:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-58065"
},
{
"type": "WEB",
"url": "https://github.com/apache/airflow/pull/69103"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/fjmclngfksz2kp7llpcjxzdz568h0zhc"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/07/13/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W4PR-4VJG-HFFH
Vulnerability from github – Published: 2022-09-30 22:56 – Updated: 2022-09-30 22:56When matrix-nio before 0.20 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from.
This allows a malicious homeserver to insert room keys of questionable validity into the key store in some situations, potentially assisting in an impersonation attack.
For more information
If you have any questions or comments about this advisory, e-mail us at poljar@termina.org.uk.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "matrix-nio"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.20"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-39254"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-322"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-30T22:56:17Z",
"nvd_published_at": "2022-09-29T15:15:00Z",
"severity": "HIGH"
},
"details": "When matrix-nio before 0.20 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn\u0027t check that the device that responded matches the device the key was requested from.\n\nThis allows a malicious homeserver to insert room keys of questionable validity into the key store in some situations, potentially assisting in an impersonation attack.\n\n### For more information\nIf you have any questions or comments about this advisory, e-mail us at [poljar@termina.org.uk](mailto:poljar@termina.org.uk).",
"id": "GHSA-w4pr-4vjg-hffh",
"modified": "2022-09-30T22:56:17Z",
"published": "2022-09-30T22:56:17Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/poljar/matrix-nio/security/advisories/GHSA-w4pr-4vjg-hffh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39254"
},
{
"type": "WEB",
"url": "https://github.com/poljar/matrix-nio/commit/b1cbf234a831daa160673defd596e6450e9c29f0"
},
{
"type": "PACKAGE",
"url": "https://github.com/poljar/matrix-nio"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "When matrix-nio receives forwarded room keys, the receiver doesn\u0027t check if it requested the key from the forwarder"
}
Mitigation
Ensure that proper authentication is included in the system design.
Mitigation
Understand and properly implement all checks necessary to ensure the identity of entities involved in encrypted communications.
No CAPEC attack patterns related to this CWE.