Description

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.

Remediation

References

https://github.com/hazelcast/hazelcast/pull/24266

Related Vulnerabilities

CVE-2014-2066 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2022-29577 Vulnerability in maven package org.owasp:antisamy

CVE-2021-23406 Vulnerability in npm package pac-resolver

CVE-2023-35152 Vulnerability in maven package org.xwiki.platform:xwiki-platform-like-ui

CVE-2011-1772 Vulnerability in maven package org.apache.struts:struts2-core

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Patch