← Back

CVE-2023-45859

nvd nist
Published: Feb 28, 2024Modified: May 13, 2025

JSON object

Loading...
7.6
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Exploitability: 2.8 / Impact: 4.7
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster.

Affected (6)

Products: Hazelcast: Hazelcast
Hazelcast
1 product
Hazelcast
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Hazelcast
Hazelcast
Up to 4.1.10
Hazelcast
From 4.2.0 to 4.2.8
Hazelcast
From 5.0.0 to 5.0.5
Hazelcast
From 5.1.0 to 5.1.7
Hazelcast
From 5.2.0 to 5.2.5
Hazelcast
From 5.3.0 to 5.3.5

Related CWEs

CWE-922
Insecure Storage of Sensitive Information
The product stores sensitive information without properly limiting read or write access by unauthorized actors.

References (4)

Source: cve@mitre.org
Patch
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.