Common Weakness Enumeration

CWE-322

Allowed

Key Exchange without Entity Authentication

Abstraction: Base · Status: Draft

The product performs a key exchange with an actor without verifying the identity of that actor.

42 vulnerabilities reference this CWE, most recent first.

GHSA-VW6G-9HPF-V3CQ

Vulnerability from github – Published: 2026-07-13 18:30 – Updated: 2026-07-14 03:31
VLAI
Details

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server (man-in-the-middle), capturing the SSH deploy key or injecting malicious repository content. Deployments that use the Git DAG bundle or Git provider to clone over SSH with a deploy key are affected. The fix changes the default to verify host keys; upgrade to apache-airflow-providers-git 0.4.1 or later and configure a known_hosts file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-58065"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-322"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-13T16:16:41Z",
    "severity": "HIGH"
  },
  "details": "The Apache Airflow Git provider runs its git-over-SSH operations with `StrictHostKeyChecking=no` by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server (man-in-the-middle), capturing the SSH deploy key or injecting malicious repository content. Deployments that use the Git DAG bundle or Git provider to clone over SSH with a deploy key are affected. The fix changes the default to verify host keys; upgrade to apache-airflow-providers-git `0.4.1` or later and configure a `known_hosts` file.",
  "id": "GHSA-vw6g-9hpf-v3cq",
  "modified": "2026-07-14T03:31:34Z",
  "published": "2026-07-13T18:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-58065"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/69103"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/fjmclngfksz2kp7llpcjxzdz568h0zhc"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/07/13/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W4PR-4VJG-HFFH

Vulnerability from github – Published: 2022-09-30 22:56 – Updated: 2022-09-30 22:56
VLAI
Summary
When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder
Details

When matrix-nio before 0.20 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from.

This allows a malicious homeserver to insert room keys of questionable validity into the key store in some situations, potentially assisting in an impersonation attack.

For more information

If you have any questions or comments about this advisory, e-mail us at poljar@termina.org.uk.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "matrix-nio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-39254"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-322"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-30T22:56:17Z",
    "nvd_published_at": "2022-09-29T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "When matrix-nio before 0.20 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn\u0027t check that the device that responded matches the device the key was requested from.\n\nThis allows a malicious homeserver to insert room keys of questionable validity into the key store in some situations, potentially assisting in an impersonation attack.\n\n### For more information\nIf you have any questions or comments about this advisory, e-mail us at [poljar@termina.org.uk](mailto:poljar@termina.org.uk).",
  "id": "GHSA-w4pr-4vjg-hffh",
  "modified": "2022-09-30T22:56:17Z",
  "published": "2022-09-30T22:56:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/poljar/matrix-nio/security/advisories/GHSA-w4pr-4vjg-hffh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39254"
    },
    {
      "type": "WEB",
      "url": "https://github.com/poljar/matrix-nio/commit/b1cbf234a831daa160673defd596e6450e9c29f0"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/poljar/matrix-nio"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "When matrix-nio receives forwarded room keys, the receiver doesn\u0027t check if it requested the key from the forwarder"
}

Mitigation
Architecture and Design

Ensure that proper authentication is included in the system design.

Mitigation
Implementation

Understand and properly implement all checks necessary to ensure the identity of entities involved in encrypted communications.

No CAPEC attack patterns related to this CWE.