Description

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.

Remediation

References

https://github.com/hazelcast/hazelcast/pull/24266

Related Vulnerabilities

CVE-2022-35961 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts

CVE-2022-4742 Vulnerability in npm package json-pointer

CVE-2019-17570 Vulnerability in maven package org.apache.xmlrpc:xmlrpc

CVE-2023-52079 Vulnerability in npm package msgpackr

CVE-2023-34245 Vulnerability in npm package @udecode/plate-link

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Patch