Description

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.

Remediation

References

https://github.com/hazelcast/hazelcast/pull/24266

Related Vulnerabilities

CVE-2022-28220 Vulnerability in maven package org.apache.james.protocols:protocols-netty

CVE-2009-0580 Vulnerability in maven package org.apache.tomcat:catalina

CVE-2014-3576 Vulnerability in maven package org.apache.activemq:activemq-all

CVE-2022-2564 Vulnerability in npm package mongoose

CVE-2018-14042 Vulnerability in maven package org.fujion.webjars:bootstrap

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Patch