Lucene search

[email protected]CVE-2023-33264

HistoryMay 22, 2023 - 1:15 a.m.

CVE-2023-33264

2023-05-2201:15:44

CWE-522

[email protected]

web.nvd.nist.gov

128

cve-2023-33264

hazelcast

password exposure

configuration vulnerability

nvd

security issue

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.7%

JSON

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don’t mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.

Affected configurations

NVD

Node

hazelcasthazelcastRange≤5.0.4

hazelcasthazelcastRange5.1–5.1.6

hazelcasthazelcastRange5.2–5.2.3

CPENameOperatorVersion
hazelcast:hazelcasthazelcastle5.0.4
hazelcast:hazelcasthazelcastlt5.1.6
hazelcast:hazelcasthazelcastle5.2.3

CPE	Name	Operator	Version
hazelcast:hazelcast	hazelcast	le	5.0.4
hazelcast:hazelcast	hazelcast	lt	5.1.6
hazelcast:hazelcast	hazelcast	le	5.2.3

References

github.com/hazelcast/hazelcast/pull/24266

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.7%

JSON

Related for CVE-2023-33264

cvelist1 veracode1 osv2 prion1 redhatcve1 github1 nvd1 ibm1