PT-2024-4067 · Hazelcast · Hazelcast Platform
Kwart · Published 2024-02-16 · Updated 2025-03-27 · CVE-2023-45860
CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Hazelcast Platform versions prior to 5.3.5
Description:
The issue is caused by inadequate permission checking in the SQL mapping for the CSV File Source connector in Hazelcast Platform. An unauthorized client could use it to read data from files stored on a member's filesystem. No estimate of the number of potentially affected installations is provided, and there is no information about real-world incidents in which this issue was exploited.
Recommendations:
For versions prior to 5.3.5, update to version 5.3.5 or later to resolve the issue.
As a temporary workaround, consider disabling the Hazelcast Jet processing engine in the member configuration to reduce the risk of exploitation; note that with Jet disabled, SQL queries and Jet jobs will no longer work.
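The workaround above, shown as a member configuration fragment. This is an added illustration, not configuration taken from the advisory or from the Hazelcast project; it assumes the standard `hazelcast.yaml` layout with a `jet` section under the `hazelcast` root, and the `cluster-name` value is constructed.

```yaml
# hazelcast.yaml (member configuration). Added illustration, not from the advisory.
# Before the workaround, a member with the Jet engine turned on keeps SQL mappings,
# including the CSV File Source connector, reachable by connected clients:
#
#   hazelcast:
#     jet:
#       enabled: true
#
# Temporary workaround for members that cannot yet move to 5.3.5: turn the Jet
# engine off. As the advisory notes, this also stops SQL queries and Jet jobs.
hazelcast:
  cluster-name: dev            # constructed value
  jet:
    enabled: false             # disables SQL and the CSV File Source connector
    resource-upload-enabled: false
```

Restart each member after the change, and treat this only as a stopgap: the permanent fix remains upgrading to 5.3.5 or later and re-enabling Jet afterwards if SQL is needed.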
Tags: Fix · SQL injection
Affected Products: Hazelcast Platform