CVE-2023-33264

MEDIUM

Hazelcast <5.0.4, <5.1.6, <5.2.3 - Info Disclosure

Title source: llm

Description

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.

References (1)

Core 1

Core References

Patch

https://github.com/hazelcast/hazelcast/pull/24266

Scores

CVSS v3 4.3

EPSS 0.0072

EPSS Percentile 48.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-522

Status published

Products (2)

com.hazelcast/hazelcast 4.0-BETA-1Maven

hazelcast/hazelcast < 5.0.4

Published May 22, 2023

Tracked Since Feb 18, 2026