Bug 2210316 (CVE-2023-33264) - CVE-2023-33264 hazelcast: Improper password mask
Summary: CVE-2023-33264 hazelcast: Improper password mask
Keywords:
Status: NEW
Alias: CVE-2023-33264
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2208955
 
Reported: 2023-05-26 14:56 UTC by Patrick Del Bello
Modified: 2023-07-21 22:26 UTC

Fixed In Version: hazelcast 5.0.4, hazelcast 5.1.6, hazelcast 5.2.3
Doc Type: ---
Doc Text:
A flaw was found in Hazelcast. Configuration routines do not mask the password in the member configuration properly, which may allow Hazelcast Management Center users to view some of the secrets.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Patrick Del Bello 2023-05-26 14:56:21 UTC
In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.

https://github.com/hazelcast/hazelcast/pull/24266

