Description
In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.
Remediation
References
https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265
https://github.com/hazelcast/hazelcast