File Read Vulnerability in ClickHouse MySQL Client
CVE-2018-14669

7.5HIGH

Key Information:

Vendor: Yandex
Status: Clickhouse
Vendor: CVE Published:; 15 August 2019

What is CVE-2018-14669?

The ClickHouse MySQL client prior to version 1.1.54390 has a security flaw that allows an attacker to exploit the 'LOAD DATA LOCAL INFILE' feature. This vulnerability enables unauthorized access to read arbitrary files from the connected ClickHouse server, potentially exposing sensitive information. It is crucial for users to upgrade to the latest version to mitigate this risk and secure their database environments against possible exploitation.

Affected Version(s)

ClickHouse All versions prior to version 1.1.54390.

References

https://clickhouse.yandex/docs/en/security_changelog/

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2019
Vulnerability Reserved
Jul 27, 2018

JSON

Yandex

What is CVE-2018-14669?

Affected Version(s)

References

CVSS V3.1

Timeline