CVE-2023-45860

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-45860

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45860.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-45860

Aliases

GHSA-8h4x-xvjp-vf99

Related

GHSA-8h4x-xvjp-vf99

Published

2024-02-16T10:15:08.080Z

Modified

2026-04-10T05:01:43.064377Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem.

References

Affected packages

Git / github.com/hazelcast/hazelcast

Affected ranges

Type

GIT

Repo

https://github.com/hazelcast/hazelcast

Events

Introduced

Last affected

4508077c2071f97718a765bd7483056f60b398fd

Introduced

1ab727191c858afcfc46cc1641fdf63c5ad761c5

Fixed

8b1bd72a87ad7072c9eb1dd639cb953dba7831ad

Introduced

a3ae01dcbfa32e3b314047506dadf837d54e8e2a

Fixed

7e760b071f2736d304d818883e51cb6ea46bedc4

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.1.7"
        },
        {
            "introduced": "5.2.0"
        },
        {
            "fixed": "5.2.5"
        },
        {
            "introduced": "5.3.0"
        },
        {
            "fixed": "5.3.5"
        }
    ]
}

Affected versions

v2.*

v2.0

v2.1

v3.*

v3.0

v3.0-RC1

v3.1

v3.2

v3.3-EA

v3.3-EA2

v3.5.1-stale

v5.*

v5.1.7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45860.json"