Veracode Vulnerability Database: VERACODE:41442
History: Jul 21, 2023 - 9:47 a.m.

Authorization Bypass

2023-07-21 09:47:42
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: hazelcast, authorization bypass, vulnerability, scheduledexecutorservice, permissions

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001 Low
Percentile: 25.0%

com.hazelcast:hazelcast is vulnerable to authorization bypass. The vulnerability is due to the correct permissions not being enforced when clients invoke the ScheduledExecutorService proxy, which allows an authenticated attacker to bypass the authorization mechanisms and execute tasks on members without the required permissions.
