Description

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.

Remediation

References

https://github.com/hazelcast/hazelcast/pull/24266

Related Vulnerabilities

CVE-2019-10760 Vulnerability in maven package org.webjars.npm:safer-eval

CVE-2012-5883 Vulnerability in npm package yui

CVE-2020-5397 Vulnerability in maven package org.springframework:spring-webmvc

CVE-2018-14731 Vulnerability in npm package parcel-bundler

CVE-2021-31411 Vulnerability in maven package com.vaadin:flow-server

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Patch