Vulnerability Details CVE-2019-15024
In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from the malicious replica, it can force clickhouse-server to write to arbitrary path on filesystem.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.7%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2019-15024
-
cpe:2.3:a:clickhouse:clickhouse:-
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54011
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54019
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54020
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54022
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54023
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54030
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54046
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54074
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54080
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54083
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54112
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54127
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54131
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54133
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54134
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54135
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54144
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54159
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54165
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54181
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54188
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54190
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54198
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54231
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54236
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54242
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54245
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54276
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54282
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54284
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54289
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54292
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54304
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54310
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54318
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54327
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54335
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54336
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54337
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54342
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54343
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54358
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54362
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54370
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54378
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54380
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54381
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54383
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54385
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54388
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54390
-
cpe:2.3:a:clickhouse:clickhouse:1.1.54394
-
cpe:2.3:a:clickhouse:clickhouse:18.1.0
-
cpe:2.3:a:clickhouse:clickhouse:18.10.3
-
cpe:2.3:a:clickhouse:clickhouse:18.12.13
-
cpe:2.3:a:clickhouse:clickhouse:18.12.14
-
cpe:2.3:a:clickhouse:clickhouse:18.12.17
-
cpe:2.3:a:clickhouse:clickhouse:18.14.10
-
cpe:2.3:a:clickhouse:clickhouse:18.14.11
-
cpe:2.3:a:clickhouse:clickhouse:18.14.12
-
cpe:2.3:a:clickhouse:clickhouse:18.14.13
-
cpe:2.3:a:clickhouse:clickhouse:18.14.14
-
cpe:2.3:a:clickhouse:clickhouse:18.14.15
-
cpe:2.3:a:clickhouse:clickhouse:18.14.17
-
cpe:2.3:a:clickhouse:clickhouse:18.14.18
-
cpe:2.3:a:clickhouse:clickhouse:18.14.19
-
cpe:2.3:a:clickhouse:clickhouse:18.14.8
-
cpe:2.3:a:clickhouse:clickhouse:18.14.9
-
cpe:2.3:a:clickhouse:clickhouse:18.16.0
-
cpe:2.3:a:clickhouse:clickhouse:18.16.1
-
cpe:2.3:a:clickhouse:clickhouse:18.4.0
-
cpe:2.3:a:clickhouse:clickhouse:18.5.1
-
cpe:2.3:a:clickhouse:clickhouse:18.6.0
-
cpe:2.3:a:clickhouse:clickhouse:19.1.10
-
cpe:2.3:a:clickhouse:clickhouse:19.1.13
-
cpe:2.3:a:clickhouse:clickhouse:19.1.14
-
cpe:2.3:a:clickhouse:clickhouse:19.1.15.73
-
cpe:2.3:a:clickhouse:clickhouse:19.1.16.79
-
cpe:2.3:a:clickhouse:clickhouse:19.1.5
-
cpe:2.3:a:clickhouse:clickhouse:19.1.6
-
cpe:2.3:a:clickhouse:clickhouse:19.1.7
-
cpe:2.3:a:clickhouse:clickhouse:19.1.8
-
cpe:2.3:a:clickhouse:clickhouse:19.1.9
-
cpe:2.3:a:clickhouse:clickhouse:19.10.1.5
-
cpe:2.3:a:clickhouse:clickhouse:19.11.10.54
-
cpe:2.3:a:clickhouse:clickhouse:19.11.11.57
-
cpe:2.3:a:clickhouse:clickhouse:19.11.12.69
-
cpe:2.3:a:clickhouse:clickhouse:19.11.13.74
-
cpe:2.3:a:clickhouse:clickhouse:19.11.2.7
-
cpe:2.3:a:clickhouse:clickhouse:19.11.3.11
-
cpe:2.3:a:clickhouse:clickhouse:19.11.4.24
-
cpe:2.3:a:clickhouse:clickhouse:19.11.5.28
-
cpe:2.3:a:clickhouse:clickhouse:19.11.6.31
-
cpe:2.3:a:clickhouse:clickhouse:19.11.7.40
-
cpe:2.3:a:clickhouse:clickhouse:19.11.8.46
-
cpe:2.3:a:clickhouse:clickhouse:19.11.9.52
-
cpe:2.3:a:clickhouse:clickhouse:19.13.1.11
-
cpe:2.3:a:clickhouse:clickhouse:19.13.2.19
-
cpe:2.3:a:clickhouse:clickhouse:19.13.3.26
-
cpe:2.3:a:clickhouse:clickhouse:19.13.4.32
-
cpe:2.3:a:clickhouse:clickhouse:19.13.5.44
-
cpe:2.3:a:clickhouse:clickhouse:19.13.6.1
-
cpe:2.3:a:clickhouse:clickhouse:19.13.6.51
-
cpe:2.3:a:clickhouse:clickhouse:19.13.7.57
-
cpe:2.3:a:clickhouse:clickhouse:19.14
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1095
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1104
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1112
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1129
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1138
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1144
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1163
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1171
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1175
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1176
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1177
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1180
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1184
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1190
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1196
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1203
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1205
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1219
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1225
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1229
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1233
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1235
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1238
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1246
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1254
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1259
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1266
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1270
-
cpe:2.3:a:clickhouse:clickhouse:19.14.1.1274
-
cpe:2.3:a:clickhouse:clickhouse:19.14.2.2
-
cpe:2.3:a:clickhouse:clickhouse:19.3.3
-
cpe:2.3:a:clickhouse:clickhouse:19.3.4
-
cpe:2.3:a:clickhouse:clickhouse:19.3.5
-
cpe:2.3:a:clickhouse:clickhouse:19.3.6
-
cpe:2.3:a:clickhouse:clickhouse:19.3.7
-
cpe:2.3:a:clickhouse:clickhouse:19.3.8.6
-
cpe:2.3:a:clickhouse:clickhouse:19.3.9.12
-
cpe:2.3:a:clickhouse:clickhouse:19.4.0.49
-
cpe:2.3:a:clickhouse:clickhouse:19.4.1.3
-
cpe:2.3:a:clickhouse:clickhouse:19.4.2.7
-
cpe:2.3:a:clickhouse:clickhouse:19.4.3.11
-
cpe:2.3:a:clickhouse:clickhouse:19.4.4.33
-
cpe:2.3:a:clickhouse:clickhouse:19.4.5.35
-
cpe:2.3:a:clickhouse:clickhouse:19.5.2.6
-
cpe:2.3:a:clickhouse:clickhouse:19.5.3.8
-
cpe:2.3:a:clickhouse:clickhouse:19.5.4.22
-
cpe:2.3:a:clickhouse:clickhouse:19.6.2.11
-
cpe:2.3:a:clickhouse:clickhouse:19.6.3.18
-
cpe:2.3:a:clickhouse:clickhouse:19.7.3.9
-
cpe:2.3:a:clickhouse:clickhouse:19.7.5.27
-
cpe:2.3:a:clickhouse:clickhouse:19.7.5.29
-
cpe:2.3:a:clickhouse:clickhouse:19.8.3.8
-
cpe:2.3:a:clickhouse:clickhouse:19.9.2.4
-
cpe:2.3:a:clickhouse:clickhouse:19.9.3.31
-
cpe:2.3:a:clickhouse:clickhouse:19.9.4.34
-
cpe:2.3:a:clickhouse:clickhouse:19.9.5.36