GHSA-5gj6-62g7-vmgf

Source

https://github.com/advisories/GHSA-5gj6-62g7-vmgf

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-5gj6-62g7-vmgf/GHSA-5gj6-62g7-vmgf.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-5gj6-62g7-vmgf

Aliases

CVE-2023-33264

Published

2023-05-22T03:30:16Z

Modified

2025-10-02T21:25:17.260328Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Hazelcast vulnerable to unmasked password exposure

Details

In Hazelcast before 5.3.0, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.

Database specific

{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-200",
        "CWE-522"
    ],
    "github_reviewed_at": "2023-05-22T19:55:38Z",
    "nvd_published_at": "2023-05-22T01:15:44Z",
    "severity": "MODERATE"
}

References

Affected packages

Maven

com.hazelcast:hazelcast

Package

Name: com.hazelcast:hazelcast; View open source insights on deps.dev
Purl: pkg:maven/com.hazelcast/hazelcast

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0-BETA-1

Last affected

4.2.8

Affected versions

4.*

4.0-BETA-1

4.0-BETA-2

4.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.1-BETA-1

4.1

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.1.7

4.1.8

4.1.9

4.1.10

4.2-BETA-1

4.2

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.2.8

com.hazelcast:hazelcast

Package

Name: com.hazelcast:hazelcast; View open source insights on deps.dev
Purl: pkg:maven/com.hazelcast/hazelcast

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0-BETA-1

Fixed

5.0.5

Affected versions

5.*

5.0-BETA-1

5.0-BETA-2

5.0

5.0.1

5.0.2

5.0.3

5.0.4

com.hazelcast:hazelcast

Package

Name: com.hazelcast:hazelcast; View open source insights on deps.dev
Purl: pkg:maven/com.hazelcast/hazelcast

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.1-BETA-1

Fixed

5.1.6

Affected versions

5.*

5.1-BETA-1

5.1

5.1.1

5.1.2

5.1.3

5.1.4

5.1.5

com.hazelcast:hazelcast

Package

Name: com.hazelcast:hazelcast; View open source insights on deps.dev
Purl: pkg:maven/com.hazelcast/hazelcast

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.2-BETA-1

Fixed

5.2.4

Affected versions

5.*

5.2-BETA-1

5.2.0

5.2.1

5.2.2

5.2.3

com.hazelcast:hazelcast

Package

Name: com.hazelcast:hazelcast; View open source insights on deps.dev
Purl: pkg:maven/com.hazelcast/hazelcast

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.3.0-BETA-1

Fixed

5.3.0

Affected versions

5.*

5.3.0-BETA-1

5.3.0-BETA-2