Description

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.

Remediation

References

https://github.com/hazelcast/hazelcast/pull/24266

Related Vulnerabilities

CVE-2011-2092 Vulnerability in maven package com.adobe.blazeds:blazeds-common

CVE-2023-50719 Vulnerability in maven package org.xwiki.platform:xwiki-platform-search-solr-api

CVE-2011-1184 Vulnerability in maven package org.apache.tomcat:catalina

CVE-2018-3758 Vulnerability in npm package express-cart

CVE-2013-1571 Vulnerability in maven package org.apache.tomcat:catalina

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Patch