Headline
GHSA-5gj6-62g7-vmgf: Hazelcast vulnerable to unmasked password exposure
In Hazelcast before 5.3.0, configuration routines don’t mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.
Hazelcast vulnerable to unmasked password exposure
Moderate severity GitHub Reviewed Published May 22, 2023 to the GitHub Advisory Database • Updated May 22, 2023
Related news
CVE-2023-33264: Extend set of masked fields in ConfigXmlGenerator [HZ-2289] by kwart · Pull Request #24266 · hazelcast/hazelcast
In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.