Clickhouse
by Clickhouse
Source repositories
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-14672 | 0.00 | — | 0.02 | Aug 15, 2019 | In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages. | |||
| CVE-2018-14671 | 0.00 | — | 0.03 | Aug 15, 2019 | In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability. | |||
| CVE-2018-14669 | 0.00 | — | 0.02 | Aug 15, 2019 | ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server. | |||
| CVE-2018-14668 | 0.00 | — | 0.01 | Aug 15, 2019 | In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks. | |||
| CVE-2018-14670 | 0.00 | — | 0.02 | Aug 15, 2019 | Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database. |
- CVE-2018-14672Aug 15, 2019risk 0.00cvss —epss 0.02
In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.
- CVE-2018-14671Aug 15, 2019risk 0.00cvss —epss 0.03
In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.
- CVE-2018-14669Aug 15, 2019risk 0.00cvss —epss 0.02
ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server.
- CVE-2018-14668Aug 15, 2019risk 0.00cvss —epss 0.01
In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks.
- CVE-2018-14670Aug 15, 2019risk 0.00cvss —epss 0.02
Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database.
Page 2 of 2