PT-2024-13294 · Atlassian+1 · Bitbucket Data Center/Server+4

Highkwart · Published 2024-02-27 · Updated 2025-05-13 · CVE-2023-45859

CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions

Hazelcast versions 4.1.10 and earlier, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2
Bitbucket Data Center and Server versions 7.21.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, and 8.18.0
Confluence Data Center and Server version 5.5 and earlier versions

Description

Some client operations in Hazelcast do not check permissions properly, allowing authenticated users to access data stored in the cluster. This affects various versions of Hazelcast, as well as Bitbucket Data Center and Server and Confluence Data Center and Server, which embed it.

Recommendations

For Hazelcast versions 4.1.10 and earlier, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, upgrade to version 5.2.5, 5.3.5, or 5.4.0-BETA-1.
For Bitbucket Data Center and Server version 8.9, upgrade to a release greater than or equal to 8.9.14.
For Confluence Data Center and Server, upgrade to the latest version or one of the specified supported fixed versions, such as 8.9.0 or 8.5.9 LTS.

Fix

Weakness Enumeration

Improper Preservation of Permissions
Insecure Storage of Sensitive Information

Related Identifiers

CVE-2023-45859
GHSA-XH6M-7CR7-XX66

Affected Products

Bitbucket
Bitbucket Data Center/Server
Confluence
Confluence Data Center/Server
Hazelcast