CVE-2023-33264
MEDIUM 4.3 | EPSS 2.5%
Hazelcast vulnerable to unmasked password exposure
Published: 5/22/2023 | Modified: 10/2/2025
Description
In Hazelcast before 5.3.0, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.
Affected packages (1)
- Maven/com.hazelcast:hazelcast >= 4.0-BETA-1, <= 4.2.8
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2023-33264
- PATCH: https://github.com/hazelcast/hazelcast
- WEB: https://github.com/hazelcast/hazelcast/commit/74eed86c2b2b727148c442e98a01d0ca6941a49e
- WEB: https://github.com/hazelcast/hazelcast/pull/24266
- WEB: https://github.com/hazelcast/hazelcast/pull/24266/commits/80a502d53cc48bf895711ab55f95e3a51e344ac1