Description
In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.
Remediation
References
https://github.com/hazelcast/hazelcast/pull/24266
Related Vulnerabilities
CVE-2018-1275 Vulnerability in maven package org.springframework:spring-messaging
CVE-2021-24033 Vulnerability in npm package react-dev-utils
CVE-2014-0035 Vulnerability in maven package org.apache.cxf:cxf-rt-ws-security
CVE-2020-5243 Vulnerability in npm package uap-core
CVE-2019-8331 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap