com.hazelcast:hazelcast@5.1.5 vulnerabilities

com.hazelcast:hazelcast is a clustering and highly scalable data distribution platform.

Affected versions of this package are vulnerable to Improper Authorization due to missing permission checks on the Hazelcast client protocol. Authenticated users can access data stored in the cluster by exploiting this oversight.

Upgrade com.hazelcast:hazelcast to version 5.2.5, 5.3.5 or higher.

com.hazelcast:hazelcast is a clustering and highly scalable data distribution platform.

Affected versions of this package are vulnerable to Improper Access Control due to inadequate permission checking, within the SQL mapping for the CSV File Source connector. This could enable unauthorized clients to access data from files stored on a member's filesystem.

Upgrade com.hazelcast:hazelcast to version 5.3.5 or higher.

com.hazelcast:hazelcast is a clustering and highly scalable data distribution platform.

Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource in executor services, which don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions.

NOTE: Only users using executor services for distributed data structures are affected.

Upgrade com.hazelcast:hazelcast to version 5.0.5, 5.1.7, 5.2.4 or higher.

com.hazelcast:hazelcast is a clustering and highly scalable data distribution platform.

Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the ConfigXmlGenerator component due to improper password masking in the member configurations. Exploiting this vulnerability allows Hazelcast Management Center users to view members' secrets.

Upgrade com.hazelcast:hazelcast to version 5.1.6, 5.3.0 or higher.