In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.
References
Link | Resource |
---|---|
https://github.com/hazelcast/hazelcast | Product |
https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
28 Jul 2023, 13:20
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:-:*:*:* cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:enterprise:*:*:* cpe:2.3:a:hazelcast:imdg:*:*:*:*:*:*:*:* |
|
First Time |
Hazelcast hazelcast
Hazelcast imdg Hazelcast |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265 - Vendor Advisory | |
References | (MISC) https://github.com/hazelcast/hazelcast - Product | |
CWE | CWE-862 |
18 Jul 2023, 17:33
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-18 16:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-33265
Mitre link : CVE-2023-33265
CVE.ORG link : CVE-2023-33265
JSON object : View
Products Affected
hazelcast
- hazelcast
- imdg
CWE
CWE-862
Missing Authorization