CVE-2023-33265

HIGH

Hazelcast <5.0.4, 5.1<5.1.6, 5.2<5.2.3 - Privilege Escalation

Title source: llm
STIX 2.1

Description

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.

Scores

CVSS v3 8.8
EPSS 0.0057
EPSS Percentile 43.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-862
Status published
Products (4)
com.hazelcast/hazelcast 5.2.0 - 5.2.4Maven
com.hazelcast/hazelcast-enterprise 5.2.0 - 5.2.4Maven
hazelcast/hazelcast 5.0.0 - 5.0.5 (2 CPE variants)
hazelcast/imdg < 4.2.8
Published Jul 18, 2023
Tracked Since Feb 18, 2026