Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-33265

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don’t check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.

CVE
#perl#auth

Related news

GHSA-c5vj-wp4v-mmvx: Hazelcast Executor Services don't check client permissions properly

### Impact In Hazelcast Platform, 5.0 through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, and Hazelcast IMDG (all versions up to 4.2.z), Executor Services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted. ### Patches Fix versions: 5.3.0, 5.2.4, 5.1.7, 5.0.5 ### Workarounds Users are only affected when they already use executor services (i.e., an instance exists as a distributed data structure).

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907