← Back

CVE-2023-33265

nvd nist
Published: Jul 18, 2023Modified: May 2, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.

Affected (7)

Hazelcast
2 products
Hazelcast
Imdg
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Hazelcast
Hazelcast
From 5.0.0 to 5.0.5
Hazelcast
From 5.1.0 to 5.1.7
Hazelcast
From 5.2.0 to 5.2.4
Hazelcast
From 5.0.0 to 5.0.5
Hazelcast
From 5.1.0 to 5.1.7
Hazelcast
From 5.2.0 to 5.2.4
Imdg
Up to 4.2.8

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

Source: cve@mitre.org
Product
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.