CVE-2023-45859

HIGH Year: 2023
CVSS v3 Score
7.6
High
Weakness Type
CWE-922
View all →

Vulnerability Description

In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster.

Related Vulnerabilities

CVE-2022-0881

HIGH
CVSS:7.6(High)

Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1.

CWE-9222022

CVE-2022-1021

HIGH
CVSS:7.6(High)

Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0.

CWE-9222022

CVE-2019-12911

HIGH
CVSS:7.5(High)

Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application.

CWE-9222019

CVE-2019-12914

HIGH
CVSS:7.5(High)

Redbrick Shift through 3.4.3 allows an attacker to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application.

CWE-9222019

CVE-2019-20060

HIGH
CVSS:7.5(High)

MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitiv...

CWE-9222019

CVE-2020-15775

HIGH
CVSS:7.5(High)

An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is...

CWE-9222020