In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.
References
Link | Resource |
---|---|
https://github.com/hazelcast/hazelcast | Product |
https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265 | Vendor Advisory |
https://github.com/hazelcast/hazelcast | Product |
https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:05
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/hazelcast/hazelcast - Product | |
References | () https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265 - Vendor Advisory |
28 Jul 2023, 13:20
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:-:*:*:* cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:enterprise:*:*:* cpe:2.3:a:hazelcast:imdg:*:*:*:*:*:*:*:* |
|
First Time |
Hazelcast hazelcast
Hazelcast imdg Hazelcast |
|
References | (MISC) https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265 - Vendor Advisory | |
References | (MISC) https://github.com/hazelcast/hazelcast - Product | |
CWE | CWE-862 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
18 Jul 2023, 17:33
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-18 16:15
Updated : 2024-11-21 08:05
NVD link : CVE-2023-33265
Mitre link : CVE-2023-33265
CVE.ORG link : CVE-2023-33265
JSON object : View
Products Affected
hazelcast
- imdg
- hazelcast
CWE
CWE-862
Missing Authorization