Lucene search

GoogleOSV:CVE-2023-33264

HistoryMay 22, 2023 - 1:15 a.m.

CVE-2023-33264

2023-05-2201:15:44

Google

osv.dev

hazelcast

vulnerabilities

password

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.7%

JSON

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don’t mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.

References

github.com/hazelcast/hazelcast/pull/24266

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.7%

JSON

Related for OSV:CVE-2023-33264