CVE-2023-33264

MEDIUM

Hazelcast <5.0.4, <5.1.6, <5.2.3 - Info Disclosure

Title source: llm

Description

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.

References (1)

[Patch] https://github.com/hazelcast/hazelcast/pull/24266

Scores

CVSS v3 4.3

EPSS 0.0161

EPSS Percentile 81.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (2)

hazelcast/hazelcast < 5.0.4

com.hazelcast/hazelcast Maven

Timeline

Published May 22, 2023

Tracked Since Feb 18, 2026