Описание
Hazelcast Platform permission checking in CSV File Source connector
Impact
In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem.
Patches
Fix versions: 5.3.5, 5.4.0-BETA-1
Workaround
Disabling Hazelcast Jet processing engine in Hazelcast member configuration workarounds the issue. As a result SQL and Jet jobs won't work.
Пакеты
com.hazelcast:hazelcast
>= 5.3.0, <= 5.3.4
5.3.5
com.hazelcast:hazelcast-enterprise
>= 5.3.0, <= 5.3.4
5.3.5
com.hazelcast:hazelcast-enterprise
>= 5.2.0, <= 5.2.4
5.2.5
com.hazelcast:hazelcast-enterprise
<= 5.1.7
Отсутствует
com.hazelcast:hazelcast
>= 5.2.0, <= 5.2.4
5.2.5
com.hazelcast:hazelcast
<= 5.1.7
Отсутствует
Связанные уязвимости
In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem.
In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem.
In Hazelcast Platform through 5.3.4, a security issue exists within th ...
Уязвимость платформы анализа данных Hazelcast, связанная с ошибками обработки разрешений, позволяющая нарушителю выполнять произвольные действия