Hazelcast vulnerable to unmasked password exposure

2023-05-2203:30:16

Google

osv.dev

0.0004 Low

EPSS

Percentile

13.3%

JSON

In Hazelcast before 5.3.0, configuration routines don’t mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.

CPENameOperatorVersion
com.hazelcast:hazelcasteq3.6.6
com.hazelcast:hazelcasteq2.0.2
com.hazelcast:hazelcasteq4.2.2
com.hazelcast:hazelcasteq5.0.2
com.hazelcast:hazelcasteq3.0.2
com.hazelcast:hazelcasteq3.1.9
com.hazelcast:hazelcasteq3.0
com.hazelcast:hazelcasteq2.5.1
com.hazelcast:hazelcasteq1.9.3
com.hazelcast:hazelcasteq3.10.6

Name	Operator	Version
com.hazelcast:hazelcast	eq	3.6.6
com.hazelcast:hazelcast	eq	2.0.2
com.hazelcast:hazelcast	eq	4.2.2
com.hazelcast:hazelcast	eq	5.0.2
com.hazelcast:hazelcast	eq	3.0.2
com.hazelcast:hazelcast	eq	3.1.9
com.hazelcast:hazelcast	eq	3.0
com.hazelcast:hazelcast	eq	2.5.1
com.hazelcast:hazelcast	eq	1.9.3
com.hazelcast:hazelcast	eq	3.10.6