{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "5.0.0" }, { "fixed": "5.0.5" }, { "introduced": "5.0.0" }, { "fixed": "5.0.5" }, { "introduced": "5.1.0" }, { "fixed": "5.1.7" }, { "introduced": "5.1.0" }, { "fixed": "5.1.7" }, { "introduced": "5.2.0" }, { "fixed": "5.2.4" }, { "introduced": "5.2.0" }, { "fixed": "5.2.4" }, { "introduced": "0" }, { "last_affected": "4.2.8" } ] }, "events": [ { "introduced": "0" }, { "fixed": "74bb9d9cbd2d6f996d5692bc805fd969b6907d72" }, { "introduced": "0" }, { "fixed": "74bb9d9cbd2d6f996d5692bc805fd969b6907d72" }, { "introduced": "0" }, { "fixed": "4508077c2071f97718a765bd7483056f60b398fd" }, { "introduced": "0" }, { "fixed": "4508077c2071f97718a765bd7483056f60b398fd" }, { "introduced": "1ab727191c858afcfc46cc1641fdf63c5ad761c5" }, { "fixed": "d8c0953be2885283ff73d5a3b66f69a66d58ea03" }, { "introduced": "1ab727191c858afcfc46cc1641fdf63c5ad761c5" }, { "fixed": "d8c0953be2885283ff73d5a3b66f69a66d58ea03" }, { "introduced": "0" }, { "last_affected": "eeda08aafe071206d7e1c6765fcffe96d22411fc" } ], "repo": "https://github.com/hazelcast/hazelcast", "type": "GIT" } ] } ], "details": "In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.", "id": "CVE-2023-33265", "modified": "2026-04-01T23:08:53.613662947Z", "published": "2023-07-18T16:15:11.693Z", "references": [ { "type": "ADVISORY", "url": "https://support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265" }, { "type": "PACKAGE", "url": "https://github.com/hazelcast/hazelcast" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }