CVE-2018-14669

Name of the Vulnerable Software and Affected Versions ClickHouse MySQL client versions prior to 1.1.54390

Description The issue concerns the "LOAD DATA LOCAL INFILE" functionality in the ClickHouse MySQL client, which was enabled and allowed a malicious MySQL database to read arbitrary files from the connected ClickHouse server.

Recommendations For versions prior to 1.1.54390, update to version 1.1.54390 or later to resolve the issue. As a temporary workaround, consider disabling the "LOAD DATA LOCAL INFILE" functionality until a patch is available. Restrict access to sensitive files on the ClickHouse server to minimize the risk of exploitation.