CVE-2023-33265

EUVD-2023-2023
In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
hazelcasthazelcast
5.0.0 ≤
𝑥
< 5.0.5
hazelcasthazelcast
5.0.0 ≤
𝑥
< 5.0.5
hazelcasthazelcast
5.1.0 ≤
𝑥
< 5.1.7
hazelcasthazelcast
5.1.0 ≤
𝑥
< 5.1.7
hazelcasthazelcast
5.2.0 ≤
𝑥
< 5.2.4
hazelcasthazelcast
5.2.0 ≤
𝑥
< 5.2.4
hazelcastimdg
𝑥
≤ 4.2.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/hazelcast/hazelcast
https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265
https://github.com/hazelcast/hazelcast
https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265