{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-33264", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T15:39:36.071Z", "dateReserved": "2023-05-22T00:00:00", "datePublished": "2023-05-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-05-22T00:00:00"}, "descriptions": [{"lang": "en", "value": "In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/hazelcast/hazelcast/pull/24266"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:39:36.071Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/hazelcast/hazelcast/pull/24266", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*", "matchCriteriaId": "A12D1018-C3A9-47B4-8930-99168FE6A6DD", "versionEndIncluding": "5.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5E94137-3D43-4D58-96FB-8C1738BFD37A", "versionEndExcluding": "5.1.6", "versionStartIncluding": "5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*", "matchCriteriaId": "1CE94172-E7C3-4FC8-B95E-8298AD3240BF", "versionEndIncluding": "5.2.3", "versionStartIncluding": "5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets."}], "id": "CVE-2023-33264", "lastModified": "2024-11-21T08:05:17.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-22T01:15:44.333", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/hazelcast/hazelcast/pull/24266"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/hazelcast/hazelcast/pull/24266"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "hazelcast: Improper password mask", "id": "2210316", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210316"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-522", "details": ["In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.", "A flaw was found in Hazelcast. Configuration routines do not mask the password in the member configuration properly, which may allow Hazelcast Management Center users to view some of the secrets."], "name": "CVE-2023-33264", "package_state": [{"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "package_name": "hazelcast", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Will not fix", "package_name": "hazelcast", "product_name": "Red Hat Integration Camel Quarkus"}], "public_date": "2023-05-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-33264\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-33264"], "threat_severity": "Moderate", "upstream_fix": "hazelcast 5.0.4, hazelcast 5.1.6, hazelcast 5.2.3"}