CVE-2023-33265

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-33265

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33265.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-33265

Aliases

GHSA-c5vj-wp4v-mmvx

Published

2023-07-18T16:15:11Z

Modified

2024-05-29T20:51:59Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.

References

Affected packages

Git / github.com/hazelcast/hazelcast

Affected ranges

Type: GIT
Repo: https://github.com/hazelcast/hazelcast
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

74bb9d9cbd2d6f996d5692bc805fd969b6907d72