CVE-2023-33265
Description
In Hazelcast, executor services fail to enforce client permissions, allowing authenticated users to execute arbitrary tasks on cluster members.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability Overview
CVE-2023-33265 is a permission bypass vulnerability in Hazelcast's executor services. The flaw exists because these services do not properly verify client permissions before allowing task execution on cluster members. This affects Hazelcast versions through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3 [1].
Exploitation
An authenticated attacker can exploit this vulnerability by submitting tasks to executor services without having the required permissions. The attacker needs network access to a Hazelcast cluster and valid authentication credentials, but no additional privileges. The executor services will accept and run these tasks, bypassing the intended authorization checks.
Impact
Successful exploitation allows an attacker to execute arbitrary tasks on cluster members, potentially leading to data access, modification, or disruption of services. The impact is limited to the permissions of the targeted member, but can be significant if the member has elevated privileges.
Mitigation
Hazelcast has released patched versions 5.0.5 [4], 5.1.7, and 5.2.4 [3] that correct the permission check. Users are advised to upgrade to the latest available version for their branch.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.hazelcast:hazelcast (Maven) | >= 5.2.0, < 5.2.4 | 5.2.4 |
| com.hazelcast:hazelcast (Maven) | >= 5.1.0, < 5.1.7 | 5.1.7 |
| com.hazelcast:hazelcast (Maven) | < 5.0.5 | 5.0.5 |
| com.hazelcast:hazelcast-enterprise (Maven) | >= 5.2.0, < 5.2.4 | 5.2.4 |
| com.hazelcast:hazelcast-enterprise (Maven) | >= 5.1.0, < 5.1.7 | 5.1.7 |
| com.hazelcast:hazelcast-enterprise (Maven) | < 5.0.5 | 5.0.5 |
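A dependency check built from the ranges in the table above, as an added example that is not part of the advisory or of Hazelcast's code: it scans `mvn dependency:tree` style output and reports the patched release for each affected coordinate. The sample lines are constructed, and treating any qualified build such as `5.0.5-SNAPSHOT` as still affected is an assumption made here.

```python
import re
from typing import Iterable, List, NamedTuple, Optional, Tuple

# Ranges copied from the "Affected packages" table on this page:
# (inclusive lower bound or None, first patched release = exclusive upper bound).
AFFECTED_RANGES = [
    ((5, 2, 0), (5, 2, 4)),
    ((5, 1, 0), (5, 1, 7)),
    (None, (5, 0, 5)),
]
# The two Maven coordinates the table lists.
AFFECTED_PACKAGES = {
    "com.hazelcast:hazelcast",
    "com.hazelcast:hazelcast-enterprise",
}

# groupId:artifactId:type[:classifier]:version:scope, the coordinate layout
# printed by the maven-dependency-plugin.
COORD_RE = re.compile(r"(?<![\w.])(com\.hazelcast:[\w.\-]+(?::[\w.\-]+){3,4})")
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:[-.](.+))?")


class Finding(NamedTuple):
    package: str
    version: str
    upgrade_to: str


def parse_version(text: str) -> Tuple[Tuple[int, int, int], bool]:
    """Return ((major, minor, patch), has_qualifier) for a Maven version."""
    match = VERSION_RE.fullmatch(text)
    if match is None:
        raise ValueError(f"unrecognised version: {text!r}")
    numbers = (int(match.group(1)), int(match.group(2)), int(match.group(3) or 0))
    return numbers, match.group(4) is not None


def patched_release_for(version: str) -> Optional[str]:
    """Return the patched release for an affected version, else None."""
    numbers, has_qualifier = parse_version(version)
    for lower, upper in AFFECTED_RANGES:
        if lower is not None and numbers < lower:
            continue
        # Assumption: a qualified build of the patched number (for example
        # 5.0.5-SNAPSHOT) predates the release, so it is reported as affected.
        if numbers < upper or (numbers == upper and has_qualifier):
            return ".".join(str(n) for n in upper)
    return None


def scan_dependency_output(lines: Iterable[str]) -> List[Finding]:
    """Flag affected Hazelcast coordinates in dependency:tree style lines."""
    findings = []
    for line in lines:
        match = COORD_RE.search(line)
        if match is None:
            continue
        parts = match.group(1).split(":")
        package, version = ":".join(parts[:2]), parts[-2]
        if package not in AFFECTED_PACKAGES:
            continue
        try:
            fix = patched_release_for(version)
        except ValueError:
            continue  # not a version this check understands; leave for review
        if fix is not None:
            findings.append(Finding(package, version, fix))
    return findings


# Constructed sample output; the project and its dependency set are invented.
SAMPLE_TREE = r"""
[INFO] com.example:orders-service:jar:1.4.0
[INFO] +- com.hazelcast:hazelcast:jar:5.1.3:compile
[INFO] +- com.hazelcast:hazelcast-enterprise:jar:5.2.4:compile
[INFO] +- com.hazelcast:hazelcast-spring:jar:5.1.3:compile
[INFO] +- com.hazelcast:hazelcast:jar:tests:5.0.5-SNAPSHOT:test
[INFO] +- com.hazelcast:hazelcast:jar:4.2.8:runtime
[INFO] \- com.hazelcast:hazelcast:jar:5.3.0:compile
"""

if __name__ == "__main__":
    for finding in scan_dependency_output(SAMPLE_TREE.splitlines()):
        print(f"{finding.package} {finding.version}: upgrade to {finding.upgrade_to}")
```
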
Patches
374bb9d9cbd2d Upgrade version to 5.0.5
35 files changed · +45 −45
distribution/pom.xml+1 −1 modified@@ -21,7 +21,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> <relativePath>../pom.xml</relativePath> </parent>
extensions/avro/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </parent> <build>
extensions/cdc-debezium/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </parent> <properties>
extensions/cdc-mysql/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </parent> <properties>
extensions/cdc-postgres/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </parent> <properties>
extensions/csv/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </parent> <build>
extensions/elasticsearch/elasticsearch-5/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> <relativePath>../../pom.xml</relativePath> </parent>
extensions/elasticsearch/elasticsearch-6/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> <relativePath>../../pom.xml</relativePath> </parent>
extensions/elasticsearch/elasticsearch-7/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> <relativePath>../../pom.xml</relativePath> </parent>
extensions/grpc/pom.xml+1 −1 modified@@ -24,7 +24,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </parent> <build>
extensions/hadoop-dist/files-azure/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-hadoop-dist</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </parent> <build>
extensions/hadoop-dist/files-gcs/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-hadoop-dist</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </parent> <build>
extensions/hadoop-dist/files-s3/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <artifactId>hazelcast-jet-hadoop-dist</artifactId> <groupId>com.hazelcast.jet</groupId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> <relativePath>../pom.xml</relativePath> </parent>
extensions/hadoop-dist/hadoop-all/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-hadoop-dist</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </parent> <build>
extensions/hadoop-dist/hadoop/pom.xml+1 −1 modified@@ -27,7 +27,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-hadoop-dist</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </parent> <build>
extensions/hadoop-dist/pom.xml+2 −2 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </parent> <properties> @@ -122,7 +122,7 @@ <dependency> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-hadoop-core</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </dependency> <dependency> <groupId>org.apache.hadoop</groupId>
extensions/hadoop/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </parent> <build>
extensions/hazelcast-3-connector/hazelcast-3-connector-common/pom.xml+6 −6 modified@@ -5,32 +5,32 @@ <parent> <artifactId>hazelcast-3-connector-root</artifactId> <groupId>com.hazelcast</groupId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </parent> <artifactId>hazelcast-3-connector-common</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> <name>hazelcast-3-connector-common</name> <dependencies> <dependency> <groupId>com.hazelcast</groupId> <artifactId>hazelcast</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </dependency> <dependency> <groupId>com.hazelcast</groupId> <artifactId>hazelcast</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> <type>test-jar</type> </dependency> <dependency> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-3-connector-interface</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </dependency> <dependency> @@ -59,7 +59,7 @@ <dependency> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-3-connector-impl</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </dependency> </dependencies> </plugin>
extensions/hazelcast-3-connector/hazelcast-3-connector-impl/pom.xml+3 −3 modified@@ -5,11 +5,11 @@ <parent> <artifactId>hazelcast-3-connector-root</artifactId> <groupId>com.hazelcast</groupId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </parent> <artifactId>hazelcast-3-connector-impl</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> <name>hazelcast-3-connector-impl</name> @@ -43,7 +43,7 @@ <dependency> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-3-connector-interface</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </dependency> <dependency> <groupId>com.hazelcast</groupId>
extensions/hazelcast-3-connector/hazelcast-3-connector-interface/pom.xml+2 −2 modified@@ -5,11 +5,11 @@ <parent> <artifactId>hazelcast-3-connector-root</artifactId> <groupId>com.hazelcast</groupId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </parent> <artifactId>hazelcast-3-connector-interface</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> <name>hazelcast-3-connector-interface</name> </project>
extensions/hazelcast-3-connector/pom.xml+2 −2 modified@@ -6,12 +6,12 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> <relativePath>../../pom.xml</relativePath> </parent> <artifactId>hazelcast-3-connector-root</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> <packaging>pom</packaging> <name>hazelcast-3-connector-root</name>
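Review bot: the four hazelcast-3-connector poms (common, impl, interface, root) hard-code the release number where Maven could derive it, which is why they account for 13 of this commit's 45 changed lines. Each module repeats `<version>5.0.5</version>` right after its own `<artifactId>` although the `<parent>` block above already carries the same value, and the `com.hazelcast` dependencies (`hazelcast`, `hazelcast-3-connector-interface`, `hazelcast-3-connector-impl`) pin the literal as well. Dropping the module-level `<version>` and using `${project.version}` for the sibling dependencies would leave one line per file to change at release time and remove the chance of a module shipping with a stale `-SNAPSHOT` reference.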
extensions/kafka/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </parent> <build>
extensions/kinesis/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </parent> <build>
extensions/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </parent> <modules>
extensions/protobuf/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </parent> <build>
extensions/python/pom.xml+1 −1 modified@@ -24,7 +24,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </parent> <build>
extensions/s3/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> </parent> <properties>
hazelcast-archunit-rules/pom.xml+1 −1 modified@@ -25,7 +25,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> <relativePath>../pom.xml</relativePath> </parent>
hazelcast-build-utils/pom.xml+1 −1 modified@@ -25,7 +25,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> <relativePath>../pom.xml</relativePath> </parent>
hazelcast/pom.xml+1 −1 modified@@ -26,7 +26,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> <relativePath>../pom.xml</relativePath> </parent>
hazelcast-spring/pom.xml+1 −1 modified@@ -25,7 +25,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> <relativePath>../pom.xml</relativePath> </parent>
hazelcast-spring-tests/pom.xml+1 −1 modified@@ -25,7 +25,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> <relativePath>../pom.xml</relativePath> </parent>
hazelcast-sql/pom.xml+1 −1 modified@@ -28,7 +28,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> <relativePath>../pom.xml</relativePath> </parent>
modulepath-tests/pom.xml+1 −1 modified@@ -27,7 +27,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> <relativePath>../pom.xml</relativePath> </parent>
pom.xml+1 −1 modified@@ -23,7 +23,7 @@ <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> <packaging>pom</packaging> - <version>5.0.5-SNAPSHOT</version> + <version>5.0.5</version> <name>Hazelcast Root</name> <description>Hazelcast In-Memory DataGrid</description> <url>http://www.hazelcast.com/</url>
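Review bot: nothing in this commit touches executor-service code or a permission check; the root `pom.xml` hunk, like the other 34 files, changes only `<version>5.0.5-SNAPSHOT</version>` to `<version>5.0.5</version>`. Read this commit as the marker for the 5.0.5 release, not as the fix for CVE-2023-33265. The commit message would serve someone tracing the advisory better if it referenced the change that restores the check.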
4508077c2071 Upgrade version to 5.1.7
37 files changed · +47 −47
distribution/pom.xml+1 −1 modified@@ -21,7 +21,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> <relativePath>../pom.xml</relativePath> </parent>
extensions/avro/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <build>
extensions/cdc-debezium/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <properties>
extensions/cdc-mysql/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <properties>
extensions/cdc-postgres/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <properties>
extensions/csv/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <build>
extensions/elasticsearch/elasticsearch-6/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> <relativePath>../../pom.xml</relativePath> </parent>
extensions/elasticsearch/elasticsearch-7/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> <relativePath>../../pom.xml</relativePath> </parent>
extensions/grpc/pom.xml+1 −1 modified@@ -24,7 +24,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <build>
extensions/hadoop-dist/files-azure/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-hadoop-dist</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <build>
extensions/hadoop-dist/files-gcs/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-hadoop-dist</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <build>
extensions/hadoop-dist/files-s3/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <artifactId>hazelcast-jet-hadoop-dist</artifactId> <groupId>com.hazelcast.jet</groupId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> <relativePath>../pom.xml</relativePath> </parent>
extensions/hadoop-dist/hadoop-all/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-hadoop-dist</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <build>
extensions/hadoop-dist/hadoop/pom.xml+1 −1 modified@@ -27,7 +27,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-hadoop-dist</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <build>
extensions/hadoop-dist/pom.xml+2 −2 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <properties> @@ -97,7 +97,7 @@ <dependency> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-hadoop-core</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </dependency> <dependency> <groupId>org.apache.hadoop</groupId>
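Review bot: the second hunk (`@@ -97,7 +97,7 @@`) pins the `hazelcast-jet-hadoop-core` dependency to a literal `<version>5.1.7</version>`, duplicating the value already set on the `<parent>` in the first hunk. Both carry the `com.hazelcast.jet` groupId and the same version, so `<version>${project.version}</version>` would keep them in lockstep and reduce this file to a one-line change per release.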
extensions/hadoop/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <build>
extensions/hazelcast-3-connector/hazelcast-3-connector-common/pom.xml+6 −6 modified@@ -5,32 +5,32 @@ <parent> <artifactId>hazelcast-3-connector-root</artifactId> <groupId>com.hazelcast</groupId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <artifactId>hazelcast-3-connector-common</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> <name>hazelcast-3-connector-common</name> <dependencies> <dependency> <groupId>com.hazelcast</groupId> <artifactId>hazelcast</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </dependency> <dependency> <groupId>com.hazelcast</groupId> <artifactId>hazelcast</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> <type>test-jar</type> </dependency> <dependency> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-3-connector-interface</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </dependency> <dependency> @@ -59,7 +59,7 @@ <dependency> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-3-connector-impl</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </dependency> </dependencies> </plugin>
extensions/hazelcast-3-connector/hazelcast-3-connector-impl/pom.xml+3 −3 modified@@ -5,11 +5,11 @@ <parent> <artifactId>hazelcast-3-connector-root</artifactId> <groupId>com.hazelcast</groupId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <artifactId>hazelcast-3-connector-impl</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> <name>hazelcast-3-connector-impl</name> @@ -43,7 +43,7 @@ <dependency> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-3-connector-interface</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </dependency> <dependency> <groupId>com.hazelcast</groupId>
extensions/hazelcast-3-connector/hazelcast-3-connector-interface/pom.xml+2 −2 modified@@ -5,11 +5,11 @@ <parent> <artifactId>hazelcast-3-connector-root</artifactId> <groupId>com.hazelcast</groupId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <artifactId>hazelcast-3-connector-interface</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> <name>hazelcast-3-connector-interface</name> </project>
extensions/hazelcast-3-connector/pom.xml+2 −2 modified@@ -6,12 +6,12 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> <relativePath>../../pom.xml</relativePath> </parent> <artifactId>hazelcast-3-connector-root</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> <packaging>pom</packaging> <name>hazelcast-3-connector-root</name>
extensions/kafka/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <build>
extensions/kinesis/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <build>
extensions/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <modules>
extensions/protobuf/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <build>
extensions/python/pom.xml+1 −1 modified@@ -24,7 +24,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <build>
extensions/s3/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <properties>
hazelcast-archunit-rules/pom.xml+1 −1 modified@@ -25,7 +25,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> <relativePath>../pom.xml</relativePath> </parent>
hazelcast-build-utils/pom.xml+1 −1 modified@@ -25,7 +25,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> <relativePath>../pom.xml</relativePath> </parent>
hazelcast-it/distribution-it/pom.xml+1 −1 modified@@ -6,7 +6,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-it</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <artifactId>distribution-it</artifactId>
hazelcast-it/jdk17-tests/pom.xml+1 −1 modified@@ -6,7 +6,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-it</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <artifactId>jdk17-tests</artifactId>
hazelcast-it/pom.xml+1 −1 modified@@ -22,7 +22,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> </parent> <artifactId>hazelcast-it</artifactId>
hazelcast/pom.xml+1 −1 modified@@ -26,7 +26,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> <relativePath>../pom.xml</relativePath> </parent>
hazelcast-spring/pom.xml+1 −1 modified@@ -25,7 +25,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> <relativePath>../pom.xml</relativePath> </parent>
hazelcast-spring-tests/pom.xml+1 −1 modified@@ -25,7 +25,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> <relativePath>../pom.xml</relativePath> </parent>
hazelcast-sql/pom.xml+1 −1 modified@@ -28,7 +28,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> <relativePath>../pom.xml</relativePath> </parent>
modulepath-tests/pom.xml+1 −1 modified@@ -27,7 +27,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> <relativePath>../pom.xml</relativePath> </parent>
pom.xml+1 −1 modified@@ -23,7 +23,7 @@ <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> <packaging>pom</packaging> - <version>5.1.7-SNAPSHOT</version> + <version>5.1.7</version> <name>Hazelcast Root</name> <description>Hazelcast In-Memory DataGrid</description> <url>http://www.hazelcast.com/</url>
d8c0953be288 Upgrade version to 5.2.4
39 files changed · +39 −39
distribution/pom.xml+1 −1 modified@@ -21,7 +21,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> <relativePath>../pom.xml</relativePath> </parent>
extensions/avro/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <build>
extensions/cdc-debezium/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <properties>
extensions/cdc-mysql/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <properties>
extensions/cdc-postgres/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <properties>
extensions/csv/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <build>
extensions/elasticsearch/elasticsearch-6/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> <relativePath>../../pom.xml</relativePath> </parent>
extensions/elasticsearch/elasticsearch-7/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> <relativePath>../../pom.xml</relativePath> </parent>
extensions/grpc/pom.xml+1 −1 modified@@ -24,7 +24,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <build>
extensions/hadoop-dist/files-azure/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-hadoop-dist</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <build>
extensions/hadoop-dist/files-gcs/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-hadoop-dist</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <build>
extensions/hadoop-dist/files-s3/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <artifactId>hazelcast-jet-hadoop-dist</artifactId> <groupId>com.hazelcast.jet</groupId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> <relativePath>../pom.xml</relativePath> </parent>
extensions/hadoop-dist/hadoop-all/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-hadoop-dist</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <build>
extensions/hadoop-dist/hadoop/pom.xml+1 −1 modified@@ -27,7 +27,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-hadoop-dist</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <build>
extensions/hadoop-dist/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <properties>
extensions/hadoop/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <build>
extensions/hazelcast-3-connector/hazelcast-3-connector-common/pom.xml+1 −1 modified@@ -5,7 +5,7 @@ <parent> <artifactId>hazelcast-3-connector-root</artifactId> <groupId>com.hazelcast</groupId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <artifactId>hazelcast-3-connector-common</artifactId>
extensions/hazelcast-3-connector/hazelcast-3-connector-impl/pom.xml+1 −1 modified@@ -5,7 +5,7 @@ <parent> <artifactId>hazelcast-3-connector-root</artifactId> <groupId>com.hazelcast</groupId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <artifactId>hazelcast-3-connector-impl</artifactId>
extensions/hazelcast-3-connector/hazelcast-3-connector-interface/pom.xml+1 −1 modified@@ -5,7 +5,7 @@ <parent> <artifactId>hazelcast-3-connector-root</artifactId> <groupId>com.hazelcast</groupId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <artifactId>hazelcast-3-connector-interface</artifactId>
extensions/hazelcast-3-connector/pom.xml+1 −1 modified@@ -6,7 +6,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> <relativePath>../../pom.xml</relativePath> </parent>
extensions/kafka/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <build>
extensions/kinesis/pom.xml+1 −1 modified@@ -29,7 +29,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <build>
extensions/mapstore/pom.xml+1 −1 modified@@ -32,7 +32,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <build>
extensions/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <modules>
extensions/protobuf/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <build>
extensions/python/pom.xml+1 −1 modified@@ -24,7 +24,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <build>
extensions/s3/pom.xml+1 −1 modified@@ -30,7 +30,7 @@ <parent> <groupId>com.hazelcast.jet</groupId> <artifactId>hazelcast-jet-extensions</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <properties>
hazelcast-archunit-rules/pom.xml+1 −1 modified@@ -25,7 +25,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> <relativePath>../pom.xml</relativePath> </parent>
hazelcast-build-utils/pom.xml+1 −1 modified@@ -25,7 +25,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> <relativePath>../pom.xml</relativePath> </parent>
hazelcast-coverage-report/pom.xml+1 −1 modified@@ -20,7 +20,7 @@ <parent> <artifactId>hazelcast-root</artifactId> <groupId>com.hazelcast</groupId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <modelVersion>4.0.0</modelVersion> <packaging>pom</packaging>
hazelcast-it/distribution-it/pom.xml+1 −1 modified@@ -6,7 +6,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-it</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <artifactId>distribution-it</artifactId>
hazelcast-it/jdk17-tests/pom.xml+1 −1 modified@@ -6,7 +6,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-it</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <artifactId>jdk17-tests</artifactId>
hazelcast-it/pom.xml+1 −1 modified@@ -22,7 +22,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> </parent> <artifactId>hazelcast-it</artifactId>
hazelcast/pom.xml+1 −1 modified@@ -26,7 +26,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> <relativePath>../pom.xml</relativePath> </parent>
hazelcast-spring/pom.xml+1 −1 modified@@ -25,7 +25,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> <relativePath>../pom.xml</relativePath> </parent>
hazelcast-spring-tests/pom.xml+1 −1 modified@@ -25,7 +25,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> <relativePath>../pom.xml</relativePath> </parent>
hazelcast-sql/pom.xml+1 −1 modified@@ -28,7 +28,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> <relativePath>../pom.xml</relativePath> </parent>
modulepath-tests/pom.xml+1 −1 modified@@ -27,7 +27,7 @@ <parent> <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> <relativePath>../pom.xml</relativePath> </parent>
pom.xml+1 −1 modified@@ -23,7 +23,7 @@ <groupId>com.hazelcast</groupId> <artifactId>hazelcast-root</artifactId> <packaging>pom</packaging> - <version>5.2.4-SNAPSHOT</version> + <version>5.2.4</version> <name>Hazelcast Root</name> <description>Hazelcast In-Memory DataGrid</description> <url>http://www.hazelcast.com/</url>
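Review bot: none of the hunks shown here touch executor service code; every one is the same one-line edit of a `<version>` literal from 5.2.4-SNAPSHOT to 5.2.4, repeated by hand in each module's `<parent>` block and in the root pom.xml, so this commit cannot be reviewed as the permission-check fix and should be linked to the commit that carries it. Because the literal is duplicated per module, a missed POM would leave that module pointing at a parent version that no longer exists; a build step that fails when any `-SNAPSHOT` string remains would catch that. Separately, the root pom.xml context still lists `<url>http://www.hazelcast.com/</url>`, which could move to https while the file is being edited.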
Vulnerability mechanics
Root cause
"Executor services in Hazelcast do not verify client permissions before allowing task execution, enabling authenticated users to run tasks without the required permissions."
Attack vector
An authenticated Hazelcast client can submit tasks to executor services on cluster members without having the required permissions granted. The advisory indicates that executor services fail to verify client permissions, so any authenticated user can invoke executor operations that should be restricted. The attack is carried out over the Hazelcast network protocol by sending executor service operation requests. No special configuration or elevated privileges are needed beyond valid cluster authentication [patch_id=1640754][patch_id=1640756][patch_id=1640758].
Affected code
The advisory states that executor services in Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3 do not check client permissions properly. The supplied patches ([patch_id=1640754], [patch_id=1640756], [patch_id=1640758]) only bump version numbers from SNAPSHOT to release; they do not contain the actual permission-check fix. The underlying code path is in the executor service implementation, but the specific files and functions are not shown in the supplied bundle.
What the fix does
The supplied patches ([patch_id=1640754], [patch_id=1640756], [patch_id=1640758]) only update version strings from SNAPSHOT to the release version (e.g., 5.0.5, 5.1.7, 5.2.4) in POM files. They do not contain any code changes to executor service permission checking. The actual security fix that adds proper permission checks to executor services is not included in the supplied bundle; the advisory states that the fix was released in versions 5.0.5, 5.1.7, and 5.2.4, but the corresponding code diff is not provided.
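A dependency check built from the version ranges stated above, as an added example that is not part of the advisory or of Hazelcast's code: it classifies a `com.hazelcast:hazelcast` version and scans a POM for that dependency. The sample POM is constructed, and treating a qualified build of a fix release (such as `5.2.4-SNAPSHOT`) as unverified is an assumption of this example.

```python
import re
import xml.etree.ElementTree as ET

# Ranges as stated on this page: through 5.0.4, 5.1-5.1.6, 5.2-5.2.3.
# Each entry: (inclusive lower bound or None, first patched release).
AFFECTED = [(None, (5, 0, 5)), ((5, 1, 0), (5, 1, 7)), ((5, 2, 0), (5, 2, 4))]

def classify(version):
    """Return 'affected', 'patched' or 'unverified' for a version string."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?([.-].+)?", version.strip())
    if not m:
        return "unverified"  # missing, unresolved property, or unknown format
    core = (int(m[1]), int(m[2]), int(m[3] or 0))
    for low, fixed in AFFECTED:
        if (low is None or core >= low) and core < fixed:
            return "affected"
        # Assumption: a qualified build of a fix release (5.2.4-SNAPSHOT)
        # may predate the fix, so it is not reported as patched.
        if core == fixed and m[4]:
            return "unverified"
    return "patched"

def scan_pom(pom_text):
    """List (version, verdict) for each com.hazelcast:hazelcast dependency."""
    root = ET.fromstring(pom_text)
    for el in root.iter():  # drop the Maven namespace from every tag
        el.tag = el.tag.split("}", 1)[-1]
    props = {p.tag: (p.text or "").strip() for p in root.findall("properties/*")}
    findings = []
    for dep in root.iter("dependency"):
        gav = (dep.findtext("groupId", ""), dep.findtext("artifactId", ""))
        if tuple(s.strip() for s in gav) != ("com.hazelcast", "hazelcast"):
            continue
        version = dep.findtext("version", "").strip()
        ref = re.fullmatch(r"\$\{(.+)\}", version)  # ${property} from this POM
        if ref:
            version = props.get(ref[1], version)
        findings.append((version, classify(version)))
    return findings

# Constructed sample POM, not taken from any real project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><hazelcast.version>5.1.6</hazelcast.version></properties>
  <dependencies><dependency>
    <groupId>com.hazelcast</groupId><artifactId>hazelcast</artifactId>
    <version>${hazelcast.version}</version>
  </dependency></dependencies>
</project>"""

if __name__ == "__main__":
    print(scan_pom(SAMPLE_POM))
```

A dependency whose version is inherited from a parent or BOM has no `<version>` element here and is reported as unverified; resolve it with the build tool before drawing a conclusion.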
Preconditions
- auth: Attacker must be an authenticated user of the Hazelcast cluster.
- network: Attacker must be able to send executor service operation requests over the Hazelcast network protocol.
Generated on May 23, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-c5vj-wp4v-mmvx (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-33265 (ghsa, ADVISORY)
- github.com/hazelcast/hazelcast/releases/tag/v5.0.5 (ghsa, WEB)
- github.com/hazelcast/hazelcast/releases/tag/v5.1.7 (ghsa, WEB)
- github.com/hazelcast/hazelcast/releases/tag/v5.2.4 (ghsa, WEB)
- github.com/hazelcast/hazelcast/security/advisories/GHSA-c5vj-wp4v-mmvx (ghsa, WEB)
- support.hazelcast.com/s/article/Security-Advisory-for-CVE-2023-33265 (ghsa, WEB)