CVE-2023-45859
- Source
- https://cve.org/CVERecord?id=CVE-2023-45859
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45859.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-45859
- Aliases
- Related
- Published
- 2024-02-28T22:15:26.070Z
- Modified
- 2026-04-10T05:01:42.765902Z
- Severity
-
- 7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster.
- References
Affected packages
Git / github.com/hazelcast/hazelcast
Affected ranges
- Type
- GIT
- Repo
- https://github.com/hazelcast/hazelcast
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "4.1.10" }, { "introduced": "4.2.0" }, { "last_affected": "4.2.8" }, { "introduced": "5.0.0" }, { "last_affected": "5.0.5" }, { "introduced": "5.1.0" }, { "last_affected": "5.1.7" }, { "introduced": "5.2.0" }, { "fixed": "5.2.5" }, { "introduced": "5.3.0" }, { "fixed": "5.3.5" } ] }