CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-15024

In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from the malicious replica, it can force clickhouse-server to write to arbitrary path on filesystem.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 56.4%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

Products affected by CVE-2019-15024

Yandex » Clickhouse » Version: N/A

cpe:2.3:a:yandex:clickhouse:-
Yandex » Clickhouse » Version: 1.1.54011

cpe:2.3:a:yandex:clickhouse:1.1.54011
Yandex » Clickhouse » Version: 1.1.54019

cpe:2.3:a:yandex:clickhouse:1.1.54019
Yandex » Clickhouse » Version: 1.1.54020

cpe:2.3:a:yandex:clickhouse:1.1.54020
Yandex » Clickhouse » Version: 1.1.54022

cpe:2.3:a:yandex:clickhouse:1.1.54022
Yandex » Clickhouse » Version: 1.1.54023

cpe:2.3:a:yandex:clickhouse:1.1.54023
Yandex » Clickhouse » Version: 1.1.54030

cpe:2.3:a:yandex:clickhouse:1.1.54030
Yandex » Clickhouse » Version: 1.1.54046

cpe:2.3:a:yandex:clickhouse:1.1.54046
Yandex » Clickhouse » Version: 1.1.54074

cpe:2.3:a:yandex:clickhouse:1.1.54074
Yandex » Clickhouse » Version: 1.1.54080

cpe:2.3:a:yandex:clickhouse:1.1.54080
Yandex » Clickhouse » Version: 1.1.54083

cpe:2.3:a:yandex:clickhouse:1.1.54083
Yandex » Clickhouse » Version: 1.1.54112

cpe:2.3:a:yandex:clickhouse:1.1.54112
Yandex » Clickhouse » Version: 1.1.54127

cpe:2.3:a:yandex:clickhouse:1.1.54127
Yandex » Clickhouse » Version: 1.1.54131

cpe:2.3:a:yandex:clickhouse:1.1.54131
Yandex » Clickhouse » Version: 1.1.54133

cpe:2.3:a:yandex:clickhouse:1.1.54133
Yandex » Clickhouse » Version: 1.1.54134

cpe:2.3:a:yandex:clickhouse:1.1.54134
Yandex » Clickhouse » Version: 1.1.54135

cpe:2.3:a:yandex:clickhouse:1.1.54135
Yandex » Clickhouse » Version: 1.1.54144

cpe:2.3:a:yandex:clickhouse:1.1.54144
Yandex » Clickhouse » Version: 1.1.54159

cpe:2.3:a:yandex:clickhouse:1.1.54159
Yandex » Clickhouse » Version: 1.1.54165

cpe:2.3:a:yandex:clickhouse:1.1.54165
Yandex » Clickhouse » Version: 1.1.54181

cpe:2.3:a:yandex:clickhouse:1.1.54181
Yandex » Clickhouse » Version: 1.1.54188

cpe:2.3:a:yandex:clickhouse:1.1.54188
Yandex » Clickhouse » Version: 1.1.54190

cpe:2.3:a:yandex:clickhouse:1.1.54190
Yandex » Clickhouse » Version: 1.1.54198

cpe:2.3:a:yandex:clickhouse:1.1.54198
Yandex » Clickhouse » Version: 1.1.54231

cpe:2.3:a:yandex:clickhouse:1.1.54231
Yandex » Clickhouse » Version: 1.1.54236

cpe:2.3:a:yandex:clickhouse:1.1.54236
Yandex » Clickhouse » Version: 1.1.54242

cpe:2.3:a:yandex:clickhouse:1.1.54242
Yandex » Clickhouse » Version: 1.1.54245

cpe:2.3:a:yandex:clickhouse:1.1.54245
Yandex » Clickhouse » Version: 1.1.54276

cpe:2.3:a:yandex:clickhouse:1.1.54276
Yandex » Clickhouse » Version: 1.1.54282

cpe:2.3:a:yandex:clickhouse:1.1.54282
Yandex » Clickhouse » Version: 1.1.54284

cpe:2.3:a:yandex:clickhouse:1.1.54284
Yandex » Clickhouse » Version: 1.1.54289

cpe:2.3:a:yandex:clickhouse:1.1.54289
Yandex » Clickhouse » Version: 1.1.54292

cpe:2.3:a:yandex:clickhouse:1.1.54292
Yandex » Clickhouse » Version: 1.1.54304

cpe:2.3:a:yandex:clickhouse:1.1.54304
Yandex » Clickhouse » Version: 1.1.54310

cpe:2.3:a:yandex:clickhouse:1.1.54310
Yandex » Clickhouse » Version: 1.1.54318

cpe:2.3:a:yandex:clickhouse:1.1.54318
Yandex » Clickhouse » Version: 1.1.54327

cpe:2.3:a:yandex:clickhouse:1.1.54327
Yandex » Clickhouse » Version: 1.1.54335

cpe:2.3:a:yandex:clickhouse:1.1.54335
Yandex » Clickhouse » Version: 1.1.54336

cpe:2.3:a:yandex:clickhouse:1.1.54336
Yandex » Clickhouse » Version: 1.1.54337

cpe:2.3:a:yandex:clickhouse:1.1.54337
Yandex » Clickhouse » Version: 1.1.54342

cpe:2.3:a:yandex:clickhouse:1.1.54342
Yandex » Clickhouse » Version: 1.1.54343

cpe:2.3:a:yandex:clickhouse:1.1.54343
Yandex » Clickhouse » Version: 1.1.54358

cpe:2.3:a:yandex:clickhouse:1.1.54358
Yandex » Clickhouse » Version: 1.1.54362

cpe:2.3:a:yandex:clickhouse:1.1.54362
Yandex » Clickhouse » Version: 1.1.54370

cpe:2.3:a:yandex:clickhouse:1.1.54370
Yandex » Clickhouse » Version: 1.1.54378

cpe:2.3:a:yandex:clickhouse:1.1.54378
Yandex » Clickhouse » Version: 1.1.54380

cpe:2.3:a:yandex:clickhouse:1.1.54380
Yandex » Clickhouse » Version: 1.1.54381

cpe:2.3:a:yandex:clickhouse:1.1.54381
Yandex » Clickhouse » Version: 1.1.54383

cpe:2.3:a:yandex:clickhouse:1.1.54383
Yandex » Clickhouse » Version: 1.1.54385

cpe:2.3:a:yandex:clickhouse:1.1.54385
Yandex » Clickhouse » Version: 1.1.54388

cpe:2.3:a:yandex:clickhouse:1.1.54388
Yandex » Clickhouse » Version: 1.1.54390

cpe:2.3:a:yandex:clickhouse:1.1.54390
Yandex » Clickhouse » Version: 1.1.54394

cpe:2.3:a:yandex:clickhouse:1.1.54394
Yandex » Clickhouse » Version: 18.1.0

cpe:2.3:a:yandex:clickhouse:18.1.0
Yandex » Clickhouse » Version: 18.10.3

cpe:2.3:a:yandex:clickhouse:18.10.3
Yandex » Clickhouse » Version: 18.12.13

cpe:2.3:a:yandex:clickhouse:18.12.13
Yandex » Clickhouse » Version: 18.12.14

cpe:2.3:a:yandex:clickhouse:18.12.14
Yandex » Clickhouse » Version: 18.12.17

cpe:2.3:a:yandex:clickhouse:18.12.17
Yandex » Clickhouse » Version: 18.14.10

cpe:2.3:a:yandex:clickhouse:18.14.10
Yandex » Clickhouse » Version: 18.14.11

cpe:2.3:a:yandex:clickhouse:18.14.11
Yandex » Clickhouse » Version: 18.14.12

cpe:2.3:a:yandex:clickhouse:18.14.12
Yandex » Clickhouse » Version: 18.14.13

cpe:2.3:a:yandex:clickhouse:18.14.13
Yandex » Clickhouse » Version: 18.14.14

cpe:2.3:a:yandex:clickhouse:18.14.14
Yandex » Clickhouse » Version: 18.14.15

cpe:2.3:a:yandex:clickhouse:18.14.15
Yandex » Clickhouse » Version: 18.14.17

cpe:2.3:a:yandex:clickhouse:18.14.17
Yandex » Clickhouse » Version: 18.14.18

cpe:2.3:a:yandex:clickhouse:18.14.18
Yandex » Clickhouse » Version: 18.14.19

cpe:2.3:a:yandex:clickhouse:18.14.19
Yandex » Clickhouse » Version: 18.14.8

cpe:2.3:a:yandex:clickhouse:18.14.8
Yandex » Clickhouse » Version: 18.14.9

cpe:2.3:a:yandex:clickhouse:18.14.9
Yandex » Clickhouse » Version: 18.16.0

cpe:2.3:a:yandex:clickhouse:18.16.0
Yandex » Clickhouse » Version: 18.16.1

cpe:2.3:a:yandex:clickhouse:18.16.1
Yandex » Clickhouse » Version: 18.4.0

cpe:2.3:a:yandex:clickhouse:18.4.0
Yandex » Clickhouse » Version: 18.5.1

cpe:2.3:a:yandex:clickhouse:18.5.1
Yandex » Clickhouse » Version: 18.6.0

cpe:2.3:a:yandex:clickhouse:18.6.0
Yandex » Clickhouse » Version: 19.1.10

cpe:2.3:a:yandex:clickhouse:19.1.10
Yandex » Clickhouse » Version: 19.1.13

cpe:2.3:a:yandex:clickhouse:19.1.13
Yandex » Clickhouse » Version: 19.1.14

cpe:2.3:a:yandex:clickhouse:19.1.14
Yandex » Clickhouse » Version: 19.1.15.73

cpe:2.3:a:yandex:clickhouse:19.1.15.73
Yandex » Clickhouse » Version: 19.1.16.79

cpe:2.3:a:yandex:clickhouse:19.1.16.79
Yandex » Clickhouse » Version: 19.1.5

cpe:2.3:a:yandex:clickhouse:19.1.5
Yandex » Clickhouse » Version: 19.1.6

cpe:2.3:a:yandex:clickhouse:19.1.6
Yandex » Clickhouse » Version: 19.1.7

cpe:2.3:a:yandex:clickhouse:19.1.7
Yandex » Clickhouse » Version: 19.1.8

cpe:2.3:a:yandex:clickhouse:19.1.8
Yandex » Clickhouse » Version: 19.1.9

cpe:2.3:a:yandex:clickhouse:19.1.9
Yandex » Clickhouse » Version: 19.10.1.5

cpe:2.3:a:yandex:clickhouse:19.10.1.5
Yandex » Clickhouse » Version: 19.11.10.54

cpe:2.3:a:yandex:clickhouse:19.11.10.54
Yandex » Clickhouse » Version: 19.11.11.57

cpe:2.3:a:yandex:clickhouse:19.11.11.57
Yandex » Clickhouse » Version: 19.11.12.69

cpe:2.3:a:yandex:clickhouse:19.11.12.69
Yandex » Clickhouse » Version: 19.11.13.74

cpe:2.3:a:yandex:clickhouse:19.11.13.74
Yandex » Clickhouse » Version: 19.11.2.7

cpe:2.3:a:yandex:clickhouse:19.11.2.7
Yandex » Clickhouse » Version: 19.11.3.11

cpe:2.3:a:yandex:clickhouse:19.11.3.11
Yandex » Clickhouse » Version: 19.11.4.24

cpe:2.3:a:yandex:clickhouse:19.11.4.24
Yandex » Clickhouse » Version: 19.11.5.28

cpe:2.3:a:yandex:clickhouse:19.11.5.28
Yandex » Clickhouse » Version: 19.11.6.31

cpe:2.3:a:yandex:clickhouse:19.11.6.31
Yandex » Clickhouse » Version: 19.11.7.40

cpe:2.3:a:yandex:clickhouse:19.11.7.40
Yandex » Clickhouse » Version: 19.11.8.46

cpe:2.3:a:yandex:clickhouse:19.11.8.46
Yandex » Clickhouse » Version: 19.11.9.52

cpe:2.3:a:yandex:clickhouse:19.11.9.52
Yandex » Clickhouse » Version: 19.13.1.11

cpe:2.3:a:yandex:clickhouse:19.13.1.11
Yandex » Clickhouse » Version: 19.13.2.19

cpe:2.3:a:yandex:clickhouse:19.13.2.19
Yandex » Clickhouse » Version: 19.13.3.26

cpe:2.3:a:yandex:clickhouse:19.13.3.26
Yandex » Clickhouse » Version: 19.13.4.32

cpe:2.3:a:yandex:clickhouse:19.13.4.32
Yandex » Clickhouse » Version: 19.13.5.44

cpe:2.3:a:yandex:clickhouse:19.13.5.44
Yandex » Clickhouse » Version: 19.13.6.1

cpe:2.3:a:yandex:clickhouse:19.13.6.1
Yandex » Clickhouse » Version: 19.13.6.51

cpe:2.3:a:yandex:clickhouse:19.13.6.51
Yandex » Clickhouse » Version: 19.13.7.57

cpe:2.3:a:yandex:clickhouse:19.13.7.57
Yandex » Clickhouse » Version: 19.14

cpe:2.3:a:yandex:clickhouse:19.14
Yandex » Clickhouse » Version: 19.14.1.1095

cpe:2.3:a:yandex:clickhouse:19.14.1.1095
Yandex » Clickhouse » Version: 19.14.1.1104

cpe:2.3:a:yandex:clickhouse:19.14.1.1104
Yandex » Clickhouse » Version: 19.14.1.1112

cpe:2.3:a:yandex:clickhouse:19.14.1.1112
Yandex » Clickhouse » Version: 19.14.1.1129

cpe:2.3:a:yandex:clickhouse:19.14.1.1129
Yandex » Clickhouse » Version: 19.14.1.1138

cpe:2.3:a:yandex:clickhouse:19.14.1.1138
Yandex » Clickhouse » Version: 19.14.1.1144

cpe:2.3:a:yandex:clickhouse:19.14.1.1144
Yandex » Clickhouse » Version: 19.14.1.1163

cpe:2.3:a:yandex:clickhouse:19.14.1.1163
Yandex » Clickhouse » Version: 19.14.1.1171

cpe:2.3:a:yandex:clickhouse:19.14.1.1171
Yandex » Clickhouse » Version: 19.14.1.1175

cpe:2.3:a:yandex:clickhouse:19.14.1.1175
Yandex » Clickhouse » Version: 19.14.1.1176

cpe:2.3:a:yandex:clickhouse:19.14.1.1176
Yandex » Clickhouse » Version: 19.14.1.1177

cpe:2.3:a:yandex:clickhouse:19.14.1.1177
Yandex » Clickhouse » Version: 19.14.1.1180

cpe:2.3:a:yandex:clickhouse:19.14.1.1180
Yandex » Clickhouse » Version: 19.14.1.1184

cpe:2.3:a:yandex:clickhouse:19.14.1.1184
Yandex » Clickhouse » Version: 19.14.1.1190

cpe:2.3:a:yandex:clickhouse:19.14.1.1190
Yandex » Clickhouse » Version: 19.14.1.1196

cpe:2.3:a:yandex:clickhouse:19.14.1.1196
Yandex » Clickhouse » Version: 19.14.1.1203

cpe:2.3:a:yandex:clickhouse:19.14.1.1203
Yandex » Clickhouse » Version: 19.14.1.1205

cpe:2.3:a:yandex:clickhouse:19.14.1.1205
Yandex » Clickhouse » Version: 19.14.1.1219

cpe:2.3:a:yandex:clickhouse:19.14.1.1219
Yandex » Clickhouse » Version: 19.14.1.1225

cpe:2.3:a:yandex:clickhouse:19.14.1.1225
Yandex » Clickhouse » Version: 19.14.1.1229

cpe:2.3:a:yandex:clickhouse:19.14.1.1229
Yandex » Clickhouse » Version: 19.14.1.1233

cpe:2.3:a:yandex:clickhouse:19.14.1.1233
Yandex » Clickhouse » Version: 19.14.1.1235

cpe:2.3:a:yandex:clickhouse:19.14.1.1235
Yandex » Clickhouse » Version: 19.14.1.1238

cpe:2.3:a:yandex:clickhouse:19.14.1.1238
Yandex » Clickhouse » Version: 19.14.1.1246

cpe:2.3:a:yandex:clickhouse:19.14.1.1246
Yandex » Clickhouse » Version: 19.14.1.1254

cpe:2.3:a:yandex:clickhouse:19.14.1.1254
Yandex » Clickhouse » Version: 19.14.1.1259

cpe:2.3:a:yandex:clickhouse:19.14.1.1259
Yandex » Clickhouse » Version: 19.14.1.1266

cpe:2.3:a:yandex:clickhouse:19.14.1.1266
Yandex » Clickhouse » Version: 19.14.1.1270

cpe:2.3:a:yandex:clickhouse:19.14.1.1270
Yandex » Clickhouse » Version: 19.14.1.1274

cpe:2.3:a:yandex:clickhouse:19.14.1.1274
Yandex » Clickhouse » Version: 19.14.2.2

cpe:2.3:a:yandex:clickhouse:19.14.2.2
Yandex » Clickhouse » Version: 19.3.3

cpe:2.3:a:yandex:clickhouse:19.3.3
Yandex » Clickhouse » Version: 19.3.4

cpe:2.3:a:yandex:clickhouse:19.3.4
Yandex » Clickhouse » Version: 19.3.5

cpe:2.3:a:yandex:clickhouse:19.3.5
Yandex » Clickhouse » Version: 19.3.6

cpe:2.3:a:yandex:clickhouse:19.3.6
Yandex » Clickhouse » Version: 19.3.7

cpe:2.3:a:yandex:clickhouse:19.3.7
Yandex » Clickhouse » Version: 19.3.8.6

cpe:2.3:a:yandex:clickhouse:19.3.8.6
Yandex » Clickhouse » Version: 19.3.9.12

cpe:2.3:a:yandex:clickhouse:19.3.9.12
Yandex » Clickhouse » Version: 19.4.0.49

cpe:2.3:a:yandex:clickhouse:19.4.0.49
Yandex » Clickhouse » Version: 19.4.1.3

cpe:2.3:a:yandex:clickhouse:19.4.1.3
Yandex » Clickhouse » Version: 19.4.2.7

cpe:2.3:a:yandex:clickhouse:19.4.2.7
Yandex » Clickhouse » Version: 19.4.3.11

cpe:2.3:a:yandex:clickhouse:19.4.3.11
Yandex » Clickhouse » Version: 19.4.4.33

cpe:2.3:a:yandex:clickhouse:19.4.4.33
Yandex » Clickhouse » Version: 19.4.5.35

cpe:2.3:a:yandex:clickhouse:19.4.5.35
Yandex » Clickhouse » Version: 19.5.2.6

cpe:2.3:a:yandex:clickhouse:19.5.2.6
Yandex » Clickhouse » Version: 19.5.3.8

cpe:2.3:a:yandex:clickhouse:19.5.3.8
Yandex » Clickhouse » Version: 19.5.4.22

cpe:2.3:a:yandex:clickhouse:19.5.4.22
Yandex » Clickhouse » Version: 19.6.2.11

cpe:2.3:a:yandex:clickhouse:19.6.2.11
Yandex » Clickhouse » Version: 19.6.3.18

cpe:2.3:a:yandex:clickhouse:19.6.3.18
Yandex » Clickhouse » Version: 19.7.3.9

cpe:2.3:a:yandex:clickhouse:19.7.3.9
Yandex » Clickhouse » Version: 19.7.5.27

cpe:2.3:a:yandex:clickhouse:19.7.5.27
Yandex » Clickhouse » Version: 19.7.5.29

cpe:2.3:a:yandex:clickhouse:19.7.5.29
Yandex » Clickhouse » Version: 19.8.3.8

cpe:2.3:a:yandex:clickhouse:19.8.3.8
Yandex » Clickhouse » Version: 19.9.2.4

cpe:2.3:a:yandex:clickhouse:19.9.2.4
Yandex » Clickhouse » Version: 19.9.3.31

cpe:2.3:a:yandex:clickhouse:19.9.3.31
Yandex » Clickhouse » Version: 19.9.4.34

cpe:2.3:a:yandex:clickhouse:19.9.4.34
Yandex » Clickhouse » Version: 19.9.5.36

cpe:2.3:a:yandex:clickhouse:19.9.5.36

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-15024

Products

Pricing

Contact Us