PT-2019-13937 · Yandex+1 · Clickhouse+1

Eldar Zaitov

Publicado

2019-11-12

Atualizado

2025-06-25

CVE-2019-15024

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions ClickHouse versions prior to 19.14.3

Description The issue allows an attacker with write access to ZooKeeper and the ability to run a custom server on the network where ClickHouse runs to create a malicious server acting as a ClickHouse replica. This malicious replica can be registered in ZooKeeper, and when another replica fetches data from it, the attacker can force the clickhouse-server to write to an arbitrary path on the filesystem.

Recommendations For versions prior to 19.14.3, update to version 19.14.3 or later to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

ALT-PU-2019-3124

CVE-2019-15024

Produtos afetados

Alt Linux

Clickhouse

PT-2019-13937 · Yandex+1 · Clickhouse+1

CVE-2019-15024

Identificadores relacionados

Produtos afetados

Referências · 9