CVE-2023-33264

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.

Published: May 22, 2023
Updated: May 10, 2024
CVE: CVE-2023-33264
GHSA: GHSA-5gj6-62g7-vmgf
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-200
CWE-522

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
com.hazelcast / hazelcast	-	5.3.0
hazelcast / hazelcast	5.2	5.2.3.x
hazelcast / hazelcast	-	5.0.4.x
hazelcast / hazelcast	5.1	5.1.6

https://github.com/hazelcast/hazelcast/commit/74eed86c2b2b727148c442e98a01d0ca6941a49e
https://github.com/hazelcast/hazelcast/pull/24266
https://github.com/hazelcast/hazelcast/pull/24266/commits/80a502d53cc48bf895711ab55f95e3a51e344ac1

Vulnerability Database

289,697

CVE-2023-33264