Description

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.

Remediation

References

https://github.com/hazelcast/hazelcast/pull/24266

Related Vulnerabilities

CVE-2022-31093 Vulnerability in npm package next-auth

CVE-2020-11994 Vulnerability in maven package org.apache.camel:camel-robotframework

CVE-2020-6427 Vulnerability in maven package org.webjars.npm:electron

CVE-2022-25901 Vulnerability in maven package org.webjars.npm:cookiejar

CVE-2016-0779 Vulnerability in maven package org.apache.tomee:openejb-core

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Patch