CVE-2023-33265

Name of the Vulnerable Software and Affected Versions Hazelcast versions 5.0 through 5.0.4 Hazelcast versions 5.1 through 5.1.6 Hazelcast versions 5.2 through 5.2.3 Hazelcast IMDG versions prior to 4.2.z

Description The issue is related to insufficient authorization procedures in Hazelcast, allowing authenticated users to execute tasks on members without the required permissions granted. This is due to executor services not checking client permissions properly.

Recommendations For Hazelcast versions 5.0 through 5.0.4, update to version 5.0.5. For Hazelcast versions 5.1 through 5.1.6, update to version 5.1.7. For Hazelcast versions 5.2 through 5.2.3, update to version 5.2.4. For Hazelcast versions 5.3 and later, no action is required as version 5.3.0 already includes the fix. As a temporary workaround, consider restricting the use of executor services to minimize the risk of exploitation, especially since users are only affected when they already use these services.