CVE-2023-33264 – com.hazelcast:hazelcast
Package
Manager: maven
Name: com.hazelcast:hazelcast
Vulnerable Version: >=0 <5.3.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.01571 (percentile: 0.80847)
Details
Hazelcast vulnerable to unmasked password exposure
In Hazelcast before 5.3.0, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.
Metadata
Created: 2023-05-22T03:30:16Z
Modified: 2023-05-26T17:56:13Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-5gj6-62g7-vmgf/GHSA-5gj6-62g7-vmgf.json
CWE IDs: ["CWE-200", "CWE-522"]
Alternative ID: GHSA-5gj6-62g7-vmgf
Finding: F038
Auto approve: 1