CVE-2018-14668

Summary

In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks.

Affected Software

VendorProductVersion RangeStatus
n/aClickHouseAll versions prior to version 1.1.54388.affected

Weaknesses

  • Cross Protocol Request Forgery

ADP Enrichment

CVE Program Container

Additional References

References