Description
The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are through 4.0.6, 4.1.9, 4.2.5, 5.0.3, and 5.1.2. The affected Hazelcast Jet versions are through 4.5.3.
Remediation
References
https://github.com/hazelcast/hazelcast/security/advisories/GHSA-c5hg-mr8r-f6jp
Related Vulnerabilities
CVE-2018-3766 Vulnerability in npm package buttle
CVE-2022-4742 Vulnerability in npm package json-pointer
CVE-2019-19771 Vulnerability in npm package bitcionjslib
CVE-2019-1003024 Vulnerability in maven package org.jenkins-ci.plugins:script-security
CVE-2019-10404 Vulnerability in maven package org.jenkins-ci.main:jenkins-core