CVE-2023-33264

Hazelcast vulnerable to unmasked password exposure in maven/com.hazelcast/hazelcast

Identifiers

CVE-2023-33264, GHSA-5gj6-62g7-vmgf

Package Slug

maven/com.hazelcast/hazelcast

Vulnerability

Hazelcast vulnerable to unmasked password exposure

Description

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't properly mask passwords in the member configuration. This allows Hazelcast Management Center users to view some of the secrets.

Affected Versions

All versions starting from 5.0 before 5.0.4, all versions starting from 5.1 before 5.1.6, all versions starting from 5.2 before 5.2.3

Solution

Upgrade to versions 5.0.4, 5.1.6, 5.2.3 or above.

Last Modified

2023-05-23
