Improper Preservation of Permissions
CVE-2023-45859
Summary
In Hazelcast versions through 3.12.14-atlassian-3, 4.x through 4.2.8, 5.x through 5.2.4, 5.3.x through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster.
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- LOW
- HIGH
- LOW
CWE-281 - Improper Preservation of Permissions
The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
References
Advisory Timeline
- Published