{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-45859", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-29T16:42:41.602Z", "dateReserved": "2023-10-14T00:00:00.000Z", "datePublished": "2024-02-28T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-28T22:00:24.680Z"}, "descriptions": [{"lang": "en", "value": "In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/hazelcast/hazelcast/pull/25509"}, {"url": "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-922", "lang": "en", "description": "CWE-922 Insecure Storage of Sensitive Information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-03-01T18:45:07.416874Z", "id": "CVE-2023-45859", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-29T16:42:41.602Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:29:32.492Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/hazelcast/hazelcast/pull/25509", "tags": ["x_transferred"]}, {"url": "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/hazelcast/hazelcast/pull/25509", "tags": ["x_transferred"]}, {"url": "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:29:32.492Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-45859", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-01T18:45:07.416874Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-922", "description": "CWE-922 Insecure Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:14.574Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/hazelcast/hazelcast/pull/25509"}, {"url": "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66"}], "descriptions": [{"lang": "en", "value": "In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-28T22:00:24.680854"}}}, "cveMetadata": {"cveId": "CVE-2023-45859", "state": "PUBLISHED", "dateUpdated": "2024-11-29T16:42:41.602Z", "dateReserved": "2023-10-14T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-02-28T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A27DC77-9472-4170-A7D0-CAF88A8ED742", "versionEndIncluding": "4.1.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*", "matchCriteriaId": "DAEC1A2F-E2E2-40A6-9366-1127CB335BF0", "versionEndIncluding": "4.2.8", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*", "matchCriteriaId": "C03C4EBA-6110-4BE7-AEAD-D0B844D68EF5", "versionEndIncluding": "5.0.5", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*", "matchCriteriaId": "B34E82BE-949F-464C-B2D9-8E7C69BD3636", "versionEndIncluding": "5.1.7", "versionStartIncluding": "5.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*", "matchCriteriaId": "46B51F89-569F-415E-A84E-CF8240D57D2A", "versionEndExcluding": "5.2.5", "versionStartIncluding": "5.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BAF02F2-6A4D-40D1-AFBB-F152327FECE7", "versionEndExcluding": "5.3.5", "versionStartIncluding": "5.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster."}, {"lang": "es", "value": "En Hazelcast hasta 4.1.10, 4.2 hasta 4.2.8, 5.0 hasta 5.0.5, 5.1 hasta 5.1.7, 5.2 hasta 5.2.4 y 5.3 hasta 5.3.2, algunas operaciones de cliente no verifican los permisos correctamente, lo que permite a los usuarios autenticados acceder a los datos almacenados en el cl\u00faster."}], "id": "CVE-2023-45859", "lastModified": "2025-05-13T14:52:22.837", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-28T22:15:26.070", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/hazelcast/hazelcast/pull/25509"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/hazelcast/hazelcast/pull/25509"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-922"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}