Clickhouse

Clickhouse

25 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2018-14668

  • EPSS 0.21%
  • Published 15.08.2019 18:15:13
  • Last modified 25.06.2025 20:48:54

In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks.

5.3

CVE-2018-14672

  • EPSS 0.44%
  • Published 15.08.2019 18:15:13
  • Last modified 25.06.2025 20:48:54

In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.

9.8

CVE-2018-14671

  • EPSS 1.16%
  • Published 15.08.2019 18:15:13
  • Last modified 25.06.2025 20:48:54

In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.

9.8

CVE-2018-14670

  • EPSS 0.42%
  • Published 15.08.2019 18:15:13
  • Last modified 25.06.2025 20:48:54

Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database.

7.5

CVE-2018-14669

  • EPSS 0.44%
  • Published 15.08.2019 18:15:13
  • Last modified 25.06.2025 20:48:54

ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server.