ClickHouse < 1.1.54131

The version of ClickHouse installed on the remote host is prior to 1.1.54131. It is, therefore, affected by an access control vulnerability. An Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database. Note that Nessus has not tested for...

ClickHouse < 18.12.13

The version of ClickHouse installed on the remote host is prior to 18.12.13. It is, therefore, affected by an arbitrary file read vulnerability, In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages. Note tha...

Fixed in ClickHouse v25.1.5.5, 2025-01-05​

When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...

PT-2024-29397 · Unknown +1 · Clickhouse +1

Name of the Vulnerable Software and Affected Versions: ClickHouse version 24.3.3.102 Description: A buffer overflow issue was discovered in ClickHouse via the component DB::evaluateConstantExpressionImpl. Recommendations: For ClickHouse version 24.3.3.102, consider disabling the...

PT-2021-6811 · Yandex +1 · Yandex Browser +1

Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to v20.8.18.32-lts ClickHouse versions prior to v21.1.9.41-stable ClickHouse versions prior to v21.2.9.41-stable ClickHouse versions prior to v21.3.6.55-lts ClickHouse versions prior to v21.4.3.21-stable Yandex Brows...

PT-2019-9041 · Yandex · Clickhouse

Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to 1.1.54131 Description: The issue is related to an incorrect configuration in the deb package, which could allow unauthorized use of the database. Recommendations: For versions prior to 1.1.54131, update to version...