13 matches found
EUVD-2018-6562
Malware in sbrugna...
CVE-2018-14668
In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "defaultdatabase" fields which led to Cross Protocol Request Forgery Attacks...
ClickHouse < 1.1.54388
The version of ClickHouse installed on the remote host is prior to 1.1.54388. It is, therefore, affected by a Cross Protocol Request Forgery vulnerability. In ClickHouse before 1.1.54388, remote table function allowed arbitrary symbols in user, password and defaultdatabase fields which led to Cro...
CVE-2018-14668
In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "defaultdatabase" fields which led to Cross Protocol Request Forgery Attacks...
CVE-2018-14668
In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "defaultdatabase" fields which led to Cross Protocol Request Forgery Attacks...
CVE-2018-14668
In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "defaultdatabase" fields which led to Cross Protocol Request Forgery Attacks...
Server-side request forgery (SSRF)
In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "defaultdatabase" fields which led to Cross Protocol Request Forgery Attacks...
CVE-2018-14668
CVE-2018-14668 affects ClickHouse versions before 1.1.54388. The vulnerability arises from the remote table function allowing arbitrary symbols in the fields “user”, “password”, and “default_database,” enabling Cross Protocol Request Forgery Attacks. The available connected documents confirm the ...
CVE-2018-14668
In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "defaultdatabase" fields which led to Cross Protocol Request Forgery Attacks...
PT-2019-9039 · Yandex · Clickhouse
Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to 1.1.54388. Description: The issue allows for Cross Protocol Request Forgery Attacks due to the "remote" table function permitting arbitrary symbols in the user, password, and default database fields. Recommendation...
Kache Cross Protocol Request Forgery
Title: Kache / CPRF Date: 03/01/2019 Discovered by: @codexlynx Software Version: var x = new XMLHttpRequest; x.open"POST", "http://:"; x.send"set mykey myvalue\n"; - POC 2: Exploit this CPRF for set a key via SSRF + CRLF Injection: https:///ssrf.php?urltopost=http://:/%0D%0Aset%20mykey%20myvalue...
Fixed in ClickHouse Release 1.1.54388, 2018-06-28
“remote” table function allowed arbitrary symbols in “user”, “password” and “defaultdatabase” fields which led to Cross Protocol Request Forgery Attacks...
Fixed in ClickHouse Release 1.1.54388, 2018-06-28
"remote" table function allowed arbitrary symbols in "user", "password" and "defaultdatabase" fields which led to Cross Protocol Request Forgery Attacks...