- Description
- In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-89
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28E1EBD6-4B88-42FB-9152-D7A13D08FF60",
"versionEndIncluding": "5.1.7"
},
{
"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46B51F89-569F-415E-A84E-CF8240D57D2A",
"versionEndExcluding": "5.2.5",
"versionStartIncluding": "5.2.0"
},
{
"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0BAF02F2-6A4D-40D1-AFBB-F152327FECE7",
"versionEndExcluding": "5.3.5",
"versionStartIncluding": "5.3.0"
}
],
"operator": "OR"
}
]
}
]