CVE-2023-33265

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
hazelcasthazelcast
5.0.0 ≤
𝑥
< 5.0.5
hazelcasthazelcast
5.0.0 ≤
𝑥
< 5.0.5
hazelcasthazelcast
5.1.0 ≤
𝑥
< 5.1.7
hazelcasthazelcast
5.1.0 ≤
𝑥
< 5.1.7
hazelcasthazelcast
5.2.0 ≤
𝑥
< 5.2.4
hazelcasthazelcast
5.2.0 ≤
𝑥
< 5.2.4
hazelcastimdg
𝑥
≤ 4.2.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/hazelcast/hazelcast
https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265
https://github.com/hazelcast/hazelcast
https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265