CVE-2023-45859

Published Feb 28, 2024

Last updated a day ago

CVSS high 7.6

Overview

Description: In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.6
Impact score: 4.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-922

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A27DC77-9472-4170-A7D0-CAF88A8ED742",
            "versionEndIncluding": "4.1.10"
          },
          {
            "criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DAEC1A2F-E2E2-40A6-9366-1127CB335BF0",
            "versionEndIncluding": "4.2.8",
            "versionStartIncluding": "4.2.0"
          },
          {
            "criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C03C4EBA-6110-4BE7-AEAD-D0B844D68EF5",
            "versionEndIncluding": "5.0.5",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B34E82BE-949F-464C-B2D9-8E7C69BD3636",
            "versionEndIncluding": "5.1.7",
            "versionStartIncluding": "5.1.0"
          },
          {
            "criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46B51F89-569F-415E-A84E-CF8240D57D2A",
            "versionEndExcluding": "5.2.5",
            "versionStartIncluding": "5.2.0"
          },
          {
            "criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BAF02F2-6A4D-40D1-AFBB-F152327FECE7",
            "versionEndExcluding": "5.3.5",
            "versionStartIncluding": "5.3.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References