CVE-2018-14669

Published: Aug 15, 2019Modified: Jun 25, 2025

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server.

Affected (1)

Products: Clickhouse: Clickhouse

Clickhouse

1 product

Clickhouse

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Clickhouse Clickhouse	Before 1.1.54390

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://clickhouse.yandex/docs/en/security_changelog/

Source: browser-security@yandex-team.ru

Release NotesVendor Advisory

https://clickhouse.yandex/docs/en/security_changelog/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.