ГлавнаяУязвимости → CVE-2023-45859
7.6высокая

CVE-2023-45859

Описание

In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster.

Затрагиваемое ПО
Hazelcast Hazelcast
CVSS
Балл7.6 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Источники
https://github.com/hazelcast/hazelcast/pull/25509https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66https://github.com/hazelcast/hazelcast/pull/25509https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66