Description

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.

Remediation

References

https://github.com/hazelcast/hazelcast

https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265

Related Vulnerabilities

CVE-2022-34778 Vulnerability in maven package org.jenkins-ci.plugins:testng-plugin

CVE-2022-40635 Vulnerability in maven package org.craftercms:craftercms

CVE-2023-29471 Vulnerability in maven package com.typesafe.akka:akka-stream-kafka

CVE-2023-30429 Vulnerability in maven package org.apache.pulsar:pulsar-broker-common

CVE-2017-5645 Vulnerability in maven package org.apache.logging.log4j:log4j

Severity

Critical

Classification

CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Product Vendor Advisory