CVE-2023-45860

Hazelcast Platform permission checking in CSV File Source connector in maven/com.hazelcast/hazelcast

Identifiers

GHSA-8h4x-xvjp-vf99, CVE-2023-45860

Package Slug

maven/com.hazelcast/hazelcast

Vulnerability

Hazelcast Platform permission checking in CSV File Source connector

Description

In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem.

Affected Versions

All versions up to 5.1.7, all versions starting from 5.2.0 up to 5.2.4, all versions starting from 5.3.0 up to 5.3.4

Solution

Upgrade to version 5.3.5 or above.

Last Modified

2024-02-19

source