{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-33264", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-01-21T15:20:07.435Z", "dateReserved": "2023-05-22T00:00:00", "datePublished": "2023-05-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-05-22T00:00:00"}, "descriptions": [{"lang": "en", "value": "In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/hazelcast/hazelcast/pull/24266"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:39:36.071Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/hazelcast/hazelcast/pull/24266", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-21T15:19:12.311118Z", "id": "CVE-2023-33264", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T15:20:07.435Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/hazelcast/hazelcast/pull/24266", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:39:36.071Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-33264", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-21T15:19:12.311118Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T15:19:58.929Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/hazelcast/hazelcast/pull/24266"}], "descriptions": [{"lang": "en", "value": "In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-05-22T00:00:00"}}}, "cveMetadata": {"cveId": "CVE-2023-33264", "state": "PUBLISHED", "dateUpdated": "2025-01-21T15:20:07.435Z", "dateReserved": "2023-05-22T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-05-22T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*", "matchCriteriaId": "A12D1018-C3A9-47B4-8930-99168FE6A6DD", "versionEndIncluding": "5.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5E94137-3D43-4D58-96FB-8C1738BFD37A", "versionEndExcluding": "5.1.6", "versionStartIncluding": "5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:*:*:*:*", "matchCriteriaId": "1CE94172-E7C3-4FC8-B95E-8298AD3240BF", "versionEndIncluding": "5.2.3", "versionStartIncluding": "5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets."}], "id": "CVE-2023-33264", "lastModified": "2024-11-21T08:05:17.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-22T01:15:44.333", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/hazelcast/hazelcast/pull/24266"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/hazelcast/hazelcast/pull/24266"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "hazelcast: Improper password mask", "id": "2210316", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210316"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-522", "details": ["In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.", "A flaw was found in Hazelcast. Configuration routines do not mask the password in the member configuration properly, which may allow Hazelcast Management Center users to view some of the secrets."], "name": "CVE-2023-33264", "package_state": [{"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "package_name": "hazelcast", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Will not fix", "package_name": "hazelcast", "product_name": "Red Hat Integration Camel Quarkus"}], "public_date": "2023-05-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-33264\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-33264"], "threat_severity": "Moderate", "upstream_fix": "hazelcast 5.0.4, hazelcast 5.1.6, hazelcast 5.2.3"}