CVE-2023-45859

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-45859

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45859.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-45859

Aliases

GHSA-xh6m-7cr7-xx66

Related

GHSA-xh6m-7cr7-xx66

Published

2024-02-28T22:15:26Z

Modified

2025-05-17T09:22:08Z

Summary

[none]

Details

In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster.

References

https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66
https://github.com/hazelcast/hazelcast/pull/25509

Affected packages

Git / github.com/hazelcast/hazelcast

Affected ranges

Type: GIT
Repo: https://github.com/hazelcast/hazelcast
Events: Introduced

1ab727191c858afcfc46cc1641fdf63c5ad761c5

Fixed

8b1bd72a87ad7072c9eb1dd639cb953dba7831ad