Description
In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.
Remediation
References
https://github.com/hazelcast/hazelcast
https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265
Related Vulnerabilities
CVE-2023-24435 Vulnerability in maven package org.jenkins-ci.plugins:ghprb
CVE-2021-34079 Vulnerability in npm package docker-tester
CVE-2023-48796 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-worker
CVE-2022-46366 Vulnerability in maven package tapestry:tapestry
CVE-2014-3623 Vulnerability in maven package org.apache.cxf:cxf