CVE-2023-33264: Hazelcast vulnerable to unmasked password exposure

May 22, 2023 (updated June 3, 2024)

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don’t mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.

References

github.com/advisories/GHSA-5gj6-62g7-vmgf
github.com/hazelcast/hazelcast/commit/74eed86c2b2b727148c442e98a01d0ca6941a49e
github.com/hazelcast/hazelcast/pull/24266
github.com/hazelcast/hazelcast/pull/24266/commits/80a502d53cc48bf895711ab55f95e3a51e344ac1
nvd.nist.gov/vuln/detail/CVE-2023-33264

Code Behaviors & Features

Detect and mitigate CVE-2023-33264 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →