CVE-2023-33265

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:-:*:*:*
cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:-:*:*:*
cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:-:*:*:*
cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hazelcast:imdg:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:05

Type Values Removed Values Added
References () https://github.com/hazelcast/hazelcast - Product () https://github.com/hazelcast/hazelcast - Product
References () https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265 - Vendor Advisory () https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265 - Vendor Advisory

28 Jul 2023, 13:20

Type Values Removed Values Added
CPE cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:-:*:*:*
cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hazelcast:imdg:*:*:*:*:*:*:*:*
First Time Hazelcast hazelcast
Hazelcast imdg
Hazelcast
References (MISC) https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265 - (MISC) https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265 - Vendor Advisory
References (MISC) https://github.com/hazelcast/hazelcast - (MISC) https://github.com/hazelcast/hazelcast - Product
CWE CWE-862
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

18 Jul 2023, 17:33

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-18 16:15

Updated : 2024-11-21 08:05


NVD link : CVE-2023-33265

Mitre link : CVE-2023-33265

CVE.ORG link : CVE-2023-33265


JSON object : View

Products Affected

hazelcast

  • imdg
  • hazelcast
CWE
CWE-862

Missing Authorization