GHSA-xh6m-7cr7-xx66
Suggest an improvement- Source
- https://github.com/advisories/GHSA-xh6m-7cr7-xx66
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-xh6m-7cr7-xx66/GHSA-xh6m-7cr7-xx66.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-xh6m-7cr7-xx66
- Aliases
- Published
- 2024-02-27T21:54:15Z
- Modified
- 2024-12-02T20:34:06.645657Z
- Severity
-
- 7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L CVSS Calculator
- Summary
- Missing permission checks on Hazelcast client protocol
- Details
-
Impact
In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster.
Patches
Fix versions: 5.2.5, 5.3.5, 5.4.0-BETA-1
Workarounds
There is no known workaround.
- Database specific
{ "nvd_published_at": "2024-02-28T22:15:26Z", "cwe_ids": [ "CWE-281", "CWE-922" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-02-27T21:54:15Z" }- References
Affected packages
Maven / com.hazelcast:hazelcast
Package
- Name
- com.hazelcast:hazelcast
- View open source insights on deps.dev
- Purl
- pkg:maven/com.hazelcast/hazelcast
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected4.1.10
Affected versions
1.*
1.5
1.5.1
1.5.2
1.5.3
1.6-RC1
1.6
1.7-RC1
1.7-RC2
1.7-RC3
1.7-RC4
1.7
1.7.1
1.8
1.8.1
1.8.2
1.8.3
1.8.4
1.8.5
1.9
1.9.1-RC2
1.9.1
1.9.2
1.9.2.1
1.9.2.2
1.9.2.3
1.9.3-RC
1.9.3
1.9.3.1
1.9.3.2
1.9.3.3
1.9.3.4
1.9.4-RC
1.9.4-RC1
1.9.4
1.9.4.1
1.9.4.2
1.9.4.3
1.9.4.4
1.9.4.5
1.9.4.6
1.9.4.8
2.*
2.0-RC1
2.0-RC2
2.0
2.0.1
2.0.2
2.0.3
2.0.4
2.1
2.1.1
2.1.2
2.1.3
2.2
2.3
2.3.1
2.4
2.4.1
2.5
2.5.1
2.6
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9
2.6.10
3.*
3.0-RC1
3.0-RC2
3.0
3.0.1
3.0.2
3.0.3
3.1
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.2-RC1
3.2-RC2
3.2
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.3-RC1
3.3-RC2
3.3-RC3
3.3
3.3-EA
3.3-EA2
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.4
3.4-EA
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.4.6
3.4.7
3.4.8
3.5
3.5-EA
3.5.1
3.5.2
3.5.3
3.5.4
3.5.5
3.6-RC1
3.6
3.6-EA
3.6-EA2
3.6-EA3
3.6.1
3.6.2
3.6.3
3.6.4
3.6.5
3.6.6
3.6.7
3.6.8
3.7
3.7-EA
3.7.1
3.7.2
3.7.3
3.7.4
3.7.5
3.7.6
3.7.7
3.7.8
3.8-RC1
3.8
3.8-EA
3.8.1
3.8.2
3.8.3
3.8.4
3.8.5
3.8.6
3.8.7
3.8.8
3.8.9
3.9
3.9-EA
3.9.1
3.9.2
3.9.3
3.9.4
3.10-BETA-1
3.10-BETA-2
3.10
3.10.1
3.10.2
3.10.3
3.10.4
3.10.5
3.10.6
3.10.7
3.11-BETA-1
3.11
3.11.1
3.11.2
3.11.3
3.11.4
3.11.5
3.11.6
3.11.7
3.12-BETA-1
3.12-BETA-2
3.12
3.12.1
3.12.2
3.12.3
3.12.4
3.12.5
3.12.6
3.12.7
3.12.8
3.12.9
3.12.10
3.12.11
3.12.12
3.12.13
4.*
4.0-BETA-1
4.0-BETA-2
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.1-BETA-1
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.7
4.1.8
4.1.9
4.1.10
Maven / com.hazelcast:hazelcast
Package
- Name
- com.hazelcast:hazelcast
- View open source insights on deps.dev
- Purl
- pkg:maven/com.hazelcast/hazelcast
Maven / com.hazelcast:hazelcast
Package
- Name
- com.hazelcast:hazelcast
- View open source insights on deps.dev
- Purl
- pkg:maven/com.hazelcast/hazelcast
Maven / com.hazelcast:hazelcast
Package
- Name
- com.hazelcast:hazelcast
- View open source insights on deps.dev
- Purl
- pkg:maven/com.hazelcast/hazelcast
Maven / com.hazelcast:hazelcast
Package
- Name
- com.hazelcast:hazelcast
- View open source insights on deps.dev
- Purl
- pkg:maven/com.hazelcast/hazelcast
Maven / com.hazelcast:hazelcast
Package
- Name
- com.hazelcast:hazelcast
- View open source insights on deps.dev
- Purl
- pkg:maven/com.hazelcast/hazelcast