Description
In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services do not properly check client permissions, allowing authenticated users to execute tasks on members without having been granted the required permissions.
Remediation
References
https://github.com/hazelcast/hazelcast
https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265