CVE-2023-33265

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:-:*:*:*
cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:-:*:*:*
cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:-:*:*:*
cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hazelcast:imdg:*:*:*:*:*:*:*:*

History

28 Jul 2023, 13:20

Type Values Removed Values Added
CPE cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:-:*:*:*
cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hazelcast:imdg:*:*:*:*:*:*:*:*
First Time Hazelcast hazelcast
Hazelcast imdg
Hazelcast
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
References (MISC) https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265 - (MISC) https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265 - Vendor Advisory
References (MISC) https://github.com/hazelcast/hazelcast - (MISC) https://github.com/hazelcast/hazelcast - Product
CWE CWE-862

18 Jul 2023, 17:33

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-18 16:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-33265

Mitre link : CVE-2023-33265

CVE.ORG link : CVE-2023-33265


JSON object : View

Products Affected

hazelcast

  • hazelcast
  • imdg
CWE
CWE-862

Missing Authorization