CVE-2018-14668

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-14668

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-14668.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-14668

Downstream

UBUNTU-CVE-2018-14668

Published

2019-08-15T18:15:13.693Z

Modified

2026-04-11T18:43:36.999552Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks.

References

https://clickhouse.yandex/docs/en/security_changelog/

Affected packages

Git / github.com/clickhouse/clickhouse

Affected ranges

Type

GIT

Repo

https://github.com/clickhouse/clickhouse

Events

Introduced

Fixed

e03d523f191e97907e2252199c71e89291a79e7f

Database specific

{
    "cpe": "cpe:2.3:a:clickhouse:clickhouse:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.1.54388"
        }
    ]
}

Affected versions

Other

53973

53974

53975

53976

53977

53978

53979

53980

53981

53982

53983

53984

53985

53986

53987

53988

53989

53990

53991

53992

53993

53994

53995

53996

53997

53999

54000

54001

54002

54003

54004

54005

54006

54007

54008

54009

54010

54011

v1.*

v1.1.1-testing

v1.1.3-testing

v1.1.54011-stable

v1.1.54011-testing

v1.1.54012-testing

v1.1.54015-testing

v1.1.54016-testing

v1.1.54017-testing

v1.1.54018-testing

v1.1.54019-stable

v1.1.54019-testing

v1.1.54020-stable

v1.1.54020-testing

v1.1.54021-testing

v1.1.54022-stable

v1.1.54022-testing

v1.1.54025-testing

v1.1.54026-testing

v1.1.54027-testing

v1.1.54028-testing

v1.1.54029-testing

v1.1.54030-stable

v1.1.54030-testing

v1.1.54031-testing

v1.1.54033-testing

v1.1.54034-testing

v1.1.54035-testing

v1.1.54036-testing

v1.1.54037-testing

v1.1.54038-testing

v1.1.54039-testing

v1.1.54040-testing

v1.1.54041-testing

v1.1.54042-testing

v1.1.54043-testing

v1.1.54044-testing

v1.1.54045-testing

v1.1.54047-testing

v1.1.54048-testing

v1.1.54049-testing

v1.1.54050-testing

v1.1.54051-testing

v1.1.54052-testing

v1.1.54053-testing

v1.1.54054-testing

v1.1.54055-testing

v1.1.54056-testing

v1.1.54057-testing

v1.1.54060-testing

v1.1.54064-testing

v1.1.54068-testing

v1.1.54069-testing

v1.1.54070-testing

v1.1.54072-testing

v1.1.54073-testing

v1.1.54074-stable

v1.1.54074-testing

v1.1.54076-testing

v1.1.54077-testing

v1.1.54078-testing

v1.1.54079-testing

v1.1.54080-stable

v1.1.54080-testing

v1.1.54083-stable

v1.1.54083-testing

v1.1.54092-testing

v1.1.54093-testing

v1.1.54095-testing

v1.1.54096-testing

v1.1.54097-testing

v1.1.54098-testing

v1.1.54099-testing

v1.1.54100-testing

v1.1.54101-testing

v1.1.54102-testing

v1.1.54103-testing

v1.1.54104-testing

v1.1.54105-testing

v1.1.54106-testing

v1.1.54107-testing

v1.1.54108-testing

v1.1.54109-testing

v1.1.54110-testing

v1.1.54111-testing

v1.1.54112-stable

v1.1.54112-testing

v1.1.54113-testing

v1.1.54115-testing

v1.1.54197-testing

v1.1.54199-testing

v1.1.54200-testing

v1.1.54201-testing

v1.1.54202-testing

v1.1.54203-testing

v1.1.54204-testing

v1.1.54207-testing

v1.1.54209-testing

v1.1.54210-testing

v1.1.54211-testing

v1.1.54212-testing

v1.1.54223-testing

v1.1.54225-testing

v1.1.54226-testing

v1.1.54227-testing

v1.1.54228-testing

v1.1.54229-testing

v1.1.54230-testing

v1.1.54232-testing

v1.1.54233-testing

v1.1.54236-stable

v1.1.54236-testing

v1.1.54238-testing

v1.1.54240-testing

v1.1.54241-testing

v1.1.54242-stable

v1.1.54242-testing

v1.1.54243-testing

v1.1.54246-testing

v1.1.54247-testing

v1.1.54248-testing

v1.1.54251-testing

v1.1.54252-testing

v1.1.54253-testing

v1.1.54259-testing

v1.1.54260-testing

v1.1.54262-testing

v1.1.54263-testing

v1.1.54265-testing

v1.1.54267-testing

v1.1.54268-testing

v1.1.54269-testing

v1.1.54271-testing

v1.1.54273-testing

v1.1.54274-testing

v1.1.54278-testing

v1.1.54279-testing

v1.1.54280-testing

v1.1.54286-testing

v1.1.54292-stable

v1.1.54292-testing

v1.1.54297-testing

v1.1.54300-testing

v1.1.54307-testing

v1.1.54308-testing

v1.1.54310-stable

v1.1.54310-testing

v1.1.54312-testing

v1.1.54322-testing

v1.1.54323-testing

v1.1.54324-testing

v1.1.54325-testing

v1.1.54326-testing

v1.1.54329-testing

v1.1.54330-testing

v1.1.54331-testing

v1.1.54332-testing

v1.1.54333-testing

v1.1.54334-testing

v1.1.54335-stable

v1.1.54335-testing

v1.1.54336-stable

v1.1.54336-testing

v1.1.54337-stable

v1.1.54337-testing

v1.1.54338-testing

v1.1.54339-testing

v1.1.54340-testing

v1.1.54341-testing

v1.1.54342-stable

v1.1.54342-testing

v1.1.54343-stable

v1.1.54343-testing

v1.1.54344-testing

v1.1.54345-testing

v1.1.54346-testing

v1.1.54347-testing

v1.1.54348-testing

v1.1.54349-testing

v1.1.54350-testing

v1.1.54353-testing

v1.1.54354-testing

v1.1.54355-testing

v1.1.54356-testing

v1.1.54358-stable

v1.1.54358-testing

v1.1.54362-stable

v1.1.54362-testing

v1.1.54363-testing

v1.1.54364-testing

v1.1.54365-testing

v1.1.54366-testing

v1.1.54369-testing

v1.1.54370-stable

v1.1.54370-testing

v1.1.54371-testing

v1.1.54373-testing

v1.1.54376-testing

v1.1.54377-testing

v1.1.54378-stable

v1.1.54378-testing

v1.1.54380-stable

v1.1.54380-testing

v1.1.54386-testing

v1.1.54387-testing

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-14668.json"