Improper Client Permission Validation in Hazelcast Executor Services

CVE-2023-33265 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.
