CVE-2023-33265: Hazelcast Executor Services don't check client permissions properly
7.6
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.39123%
CWE
Published
7/19/2023
Updated
11/7/2023
KEV Status
No
Technology
Java
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.hazelcast:hazelcast | maven | >= 5.2.0, <= 5.2.3 | 5.2.4 |
| com.hazelcast:hazelcast | maven | >= 5.1.0, <= 5.1.6 | 5.1.7 |
| com.hazelcast:hazelcast | maven | <= 5.0.4 | 5.0.5 |
| com.hazelcast:hazelcast-enterprise | maven | >= 5.2.0, <= 5.2.3 | 5.2.4 |
| com.hazelcast:hazelcast-enterprise | maven | >= 5.1.0, <= 5.1.6 | 5.1.7 |
| com.hazelcast:hazelcast-enterprise | maven | <= 5.0.4 | 5.0.5 |