Description

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.

Remediation

References

https://github.com/hazelcast/hazelcast/pull/24266

Related Vulnerabilities

CVE-2022-36083 Vulnerability in maven package org.webjars.npm:jose

CVE-2019-15477 Vulnerability in maven package org.jooby:jooby

CVE-2021-26541 Vulnerability in npm package gitlog

CVE-2021-42550 Vulnerability in maven package ch.qos.logback:logback-core

CVE-2023-46122 Vulnerability in maven package org.scala-sbt:sbt

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Patch