Description

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.

Remediation

References

https://github.com/hazelcast/hazelcast/pull/24266

Related Vulnerabilities

CVE-2020-28458 Vulnerability in npm package datatables.net

CVE-2023-0481 Vulnerability in maven package io.quarkus.resteasy.reactive:resteasy-reactive-common

CVE-2021-3647 Vulnerability in npm package urijs

CVE-2022-34114 Vulnerability in maven package io.dataease:dataease-plugin-common

CVE-2021-21353 Vulnerability in maven package org.webjars.npm:pug

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Patch