Clickhouse

clickhouse

25 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Clickhouse Cloud

clickhouse_cloud

CVEs (25)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-14672 1Clickhouse 1Clickhouse Jun 25, 2025 Aug 15, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.
CVE-2018-14671 1Clickhouse 1Clickhouse Jun 25, 2025 Aug 15, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.
CVE-2018-14670 1Clickhouse 1Clickhouse Jun 25, 2025 Aug 15, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database.
CVE-2018-14669 1Clickhouse 1Clickhouse Jun 25, 2025 Aug 15, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server.
CVE-2018-14668 1Clickhouse 1Clickhouse Jun 25, 2025 Aug 15, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks.