CVE-2023-45860: Hazelcast Platform permission checking in CSV File Source connector

February 16, 2024 (updated November 6, 2024)

In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member’s filesystem.

References

github.com/advisories/GHSA-8h4x-xvjp-vf99
github.com/hazelcast/hazelcast
github.com/hazelcast/hazelcast/commit/98be233e79cf4bc1ff3c7126a9189988bd0e87bd
github.com/hazelcast/hazelcast/pull/25348
github.com/hazelcast/hazelcast/security/advisories/GHSA-8h4x-xvjp-vf99
nvd.nist.gov/vuln/detail/CVE-2023-45860

Detect and mitigate CVE-2023-45860 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →