Overview
- Description
- In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- CWE-522
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A12D1018-C3A9-47B4-8930-99168FE6A6DD",
"versionEndIncluding": "5.0.4"
},
{
"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F5E94137-3D43-4D58-96FB-8C1738BFD37A",
"versionEndExcluding": "5.1.6",
"versionStartIncluding": "5.1"
},
{
"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1CE94172-E7C3-4FC8-B95E-8298AD3240BF",
"versionEndIncluding": "5.2.3",
"versionStartIncluding": "5.2"
}
],
"operator": "OR"
}
]
}
]