exploitDog
CVE-2023-45860

Published: 16 Feb 2024
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem.

A flaw was found in the Hazelcast Platform. The flaw exists in SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem.

Mitigation

Disabling the Hazelcast Jet processing engine in the Hazelcast member configuration is a workaround for the issue. As a result, SQL and Jet jobs won't work.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat build of Apache Camel for Spring Boot 3 | Hazelcast | Out of support scope | | |
| Red Hat build of Apache Camel for Spring Boot 4 | Hazelcast | Not affected | | |
| Red Hat Data Grid 8 | Hazelcast | Not affected | | |
| Red Hat Fuse 7 | Hazelcast | Will not fix | | |
| Red Hat Integration Camel K 1 | Hazelcast | Will not fix | | |
| Red Hat JBoss Data Grid 7 | Hazelcast | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 7 | Hazelcast | Will not fix | | |
| Red Hat JBoss Enterprise Application Platform 8 | Hazelcast | Not affected | | |
| Red Hat JBoss Enterprise Application Platform Expansion Pack | Hazelcast | Not affected | | |
| streams for Apache Kafka | Hazelcast | Will not fix | | |

Additional information

Status: Moderate
Defect: CWE-276
https://bugzilla.redhat.com/show_bug.cgi?id=2264532 Hazelcast: Permission checking in CSV File Source connector

EPSS

Percentile: 64%
0.00459
Low

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 6.5
nvd
almost 2 years ago

In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem.

CVSS3: 6.5
debian
almost 2 years ago

In Hazelcast Platform through 5.3.4, a security issue exists within th ...

CVSS3: 6.5
github
almost 2 years ago

Hazelcast Platform permission checking in CSV File Source connector

CVSS3: 6.5
fstec
almost 2 years ago

A vulnerability in the Hazelcast data analytics platform related to permission handling errors, allowing an attacker to perform arbitrary actions
