Description

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.

Remediation

References

https://github.com/hazelcast/hazelcast/pull/24266

Related Vulnerabilities

CVE-2021-31684 Vulnerability in maven package net.minidev:json-smart

CVE-2021-32820 Vulnerability in npm package express-handlebars

CVE-2019-18841 Vulnerability in npm package chartkick

CVE-2021-45105 Vulnerability in maven package org.apache.logging.log4j:log4j-core

CVE-2022-31195 Vulnerability in maven package org.dspace:dspace-api

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Patch