CVE-2023-45859

{"id": "CVE-2023-45859", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 2.8}]}, "published": "2024-02-28T22:15:26.070", "references": [{"url": "https://github.com/hazelcast/hazelcast/pull/25509", "source": "cve@mitre.org"}, {"url": "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66", "source": "cve@mitre.org"}, {"url": "https://github.com/hazelcast/hazelcast/pull/25509", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/hazelcast/hazelcast/security/advisories/GHSA-xh6m-7cr7-xx66", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-922"}]}], "descriptions": [{"lang": "en", "value": "In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster."}, {"lang": "es", "value": "En Hazelcast hasta 4.1.10, 4.2 hasta 4.2.8, 5.0 hasta 5.0.5, 5.1 hasta 5.1.7, 5.2 hasta 5.2.4 y 5.3 hasta 5.3.2, algunas operaciones de cliente no verifican los permisos correctamente, lo que permite a los usuarios autenticados acceder a los datos almacenados en el cl\u00faster."}], "lastModified": "2024-11-29T17:15:04.770", "sourceIdentifier": "cve@mitre.org"}