CVE-2019-15024

Source
https://cve.org/CVERecord?id=CVE-2019-15024
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15024.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-15024
Published
2019-12-30T15:15:10.580Z
Modified
2026-04-10T04:17:23.276337Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

In all versions of ClickHouse before 19.14.3, an attacker who has write access to ZooKeeper and is able to run a custom server available from the network where ClickHouse runs can create a custom-built malicious server that acts as a ClickHouse replica and register it in ZooKeeper. When another replica fetches a data part from the malicious replica, the malicious replica can force clickhouse-server to write to an arbitrary path on the filesystem.

References

Affected packages

Git / github.com/clickhouse/clickhouse

Affected ranges

Type
GIT
Repo
https://github.com/clickhouse/clickhouse
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "19.14.3"
        }
    ]
}

Affected versions

Other
53973
53974
53975
53976
53977
53978
53979
53980
53981
53982
53983
53984
53985
53986
53987
53988
53989
53990
53991
53992
53993
53994
53995
53996
53997
53999
54000
54001
54002
54003
54004
54005
54006
54007
54008
54009
54010
54011
v1.*
v1.1.1-testing
v1.1.3-testing
v1.1.54011-stable
v1.1.54011-testing
v1.1.54012-testing
v1.1.54015-testing
v1.1.54016-testing
v1.1.54017-testing
v1.1.54018-testing
v1.1.54019-stable
v1.1.54019-testing
v1.1.54020-stable
v1.1.54020-testing
v1.1.54021-testing
v1.1.54022-stable
v1.1.54022-testing
v1.1.54025-testing
v1.1.54026-testing
v1.1.54027-testing
v1.1.54028-testing
v1.1.54029-testing
v1.1.54030-stable
v1.1.54030-testing
v1.1.54031-testing
v1.1.54033-testing
v1.1.54034-testing
v1.1.54035-testing
v1.1.54036-testing
v1.1.54037-testing
v1.1.54038-testing
v1.1.54039-testing
v1.1.54040-testing
v1.1.54041-testing
v1.1.54042-testing
v1.1.54043-testing
v1.1.54044-testing
v1.1.54045-testing
v1.1.54047-testing
v1.1.54048-testing
v1.1.54049-testing
v1.1.54050-testing
v1.1.54051-testing
v1.1.54052-testing
v1.1.54053-testing
v1.1.54054-testing
v1.1.54055-testing
v1.1.54056-testing
v1.1.54057-testing
v1.1.54060-testing
v1.1.54064-testing
v1.1.54068-testing
v1.1.54069-testing
v1.1.54070-testing
v1.1.54072-testing
v1.1.54073-testing
v1.1.54074-stable
v1.1.54074-testing
v1.1.54076-testing
v1.1.54077-testing
v1.1.54078-testing
v1.1.54079-testing
v1.1.54080-stable
v1.1.54080-testing
v1.1.54083-stable
v1.1.54083-testing
v1.1.54092-testing
v1.1.54093-testing
v1.1.54095-testing
v1.1.54096-testing
v1.1.54097-testing
v1.1.54098-testing
v1.1.54099-testing
v1.1.54100-testing
v1.1.54101-testing
v1.1.54102-testing
v1.1.54103-testing
v1.1.54104-testing
v1.1.54105-testing
v1.1.54106-testing
v1.1.54107-testing
v1.1.54108-testing
v1.1.54109-testing
v1.1.54110-testing
v1.1.54111-testing
v1.1.54112-stable
v1.1.54112-testing
v1.1.54113-testing
v1.1.54115-testing
v1.1.54197-testing
v1.1.54199-testing
v1.1.54200-testing
v1.1.54201-testing
v1.1.54202-testing
v1.1.54203-testing
v1.1.54204-testing
v1.1.54207-testing
v1.1.54209-testing
v1.1.54210-testing
v1.1.54211-testing
v1.1.54212-testing
v1.1.54223-testing
v1.1.54225-testing
v1.1.54226-testing
v1.1.54227-testing
v1.1.54228-testing
v1.1.54229-testing
v1.1.54230-testing
v1.1.54232-testing
v1.1.54233-testing
v1.1.54236-stable
v1.1.54236-testing
v1.1.54238-testing
v1.1.54240-testing
v1.1.54241-testing
v1.1.54242-stable
v1.1.54242-testing
v1.1.54243-testing
v1.1.54246-testing
v1.1.54247-testing
v1.1.54248-testing
v1.1.54251-testing
v1.1.54252-testing
v1.1.54253-testing
v1.1.54259-testing
v1.1.54260-testing
v1.1.54262-testing
v1.1.54263-testing
v1.1.54265-testing
v1.1.54267-testing
v1.1.54268-testing
v1.1.54269-testing
v1.1.54271-testing
v1.1.54273-testing
v1.1.54274-testing
v1.1.54278-testing
v1.1.54279-testing
v1.1.54280-testing
v1.1.54286-testing
v1.1.54292-stable
v1.1.54292-testing
v1.1.54297-testing
v1.1.54300-testing
v1.1.54307-testing
v1.1.54308-testing
v1.1.54310-stable
v1.1.54310-testing
v1.1.54312-testing
v1.1.54322-testing
v1.1.54323-testing
v1.1.54324-testing
v1.1.54325-testing
v1.1.54326-testing
v1.1.54329-testing
v1.1.54330-testing
v1.1.54331-testing
v1.1.54332-testing
v1.1.54333-testing
v1.1.54334-testing
v1.1.54335-stable
v1.1.54335-testing
v1.1.54336-stable
v1.1.54336-testing
v1.1.54337-stable
v1.1.54337-testing
v1.1.54338-testing
v1.1.54339-testing
v1.1.54340-testing
v1.1.54341-testing
v1.1.54342-stable
v1.1.54342-testing
v1.1.54343-stable
v1.1.54343-testing
v1.1.54344-testing
v1.1.54345-testing
v1.1.54346-testing
v1.1.54347-testing
v1.1.54348-testing
v1.1.54349-testing
v1.1.54350-testing
v1.1.54353-testing
v1.1.54354-testing
v1.1.54355-testing
v1.1.54356-testing
v1.1.54358-stable
v1.1.54358-testing
v1.1.54362-stable
v1.1.54362-testing
v1.1.54363-testing
v1.1.54364-testing
v1.1.54365-testing
v1.1.54366-testing
v1.1.54369-testing
v1.1.54370-stable
v1.1.54370-testing
v1.1.54371-testing
v1.1.54373-testing
v1.1.54376-testing
v1.1.54377-testing
v1.1.54378-stable
v1.1.54378-testing
v1.1.54380-stable
v1.1.54380-testing
v1.1.54386-testing
v1.1.54387-testing
v1.1.54388-stable
v1.1.54388-testing
v1.1.54390-stable
v1.1.54390-testing
v1.1.54391-testing
v1.1.54393-testing
v1.1.54394-stable
v1.1.54394-testing
v1.1.54396-testing
v1.1.54397-testing
v1.1.54398-testing
v18.*
v18.1.0-stable
v18.1.0-testing
v18.10.0-testing
v18.10.2-testing
v18.10.3-stable
v18.10.3-testing
v18.12.0-testing
v18.12.1-testing
v18.12.12-testing
v18.12.15-testing
v18.12.17-stable
v18.12.17-testing
v18.12.2-testing
v18.12.3-testing
v18.12.5-testing
v18.12.7-testing
v18.14.0-testing
v18.14.1-testing
v18.14.2-testing
v18.14.4-testing
v18.14.5-testing
v18.14.6-testing
v18.14.7-testing
v18.14.8-stable
v18.14.8-testing
v18.14.9-stable
v18.14.9-testing
v18.15.0-testing
v18.2.0-testing
v18.4.0-stable
v18.4.0-testing
v18.5.0-testing
v18.6.0-stable
v18.6.0-testing
v18.7.0-testing
v18.8.0-testing
v18.9.0-testing
v19.*
v19.1.2-testing
v19.1.3-testing
v19.1.4-testing
v19.1.5-stable
v19.1.5-testing
v19.1.6-stable
v19.1.6-testing
v19.10.1.654-testing
v19.10.1.658-testing
v19.10.1.665-testing
v19.10.1.669-testing
v19.10.1.681-testing
v19.10.1.685-testing
v19.10.1.687-testing
v19.10.1.696-testing
v19.10.1.698-testing
v19.10.1.705-testing
v19.10.1.706-testing
v19.11.0-testing
v19.11.0.709-testing
v19.11.0.723-testing
v19.11.0.724-testing
v19.11.0.726-testing
v19.11.0.736-testing
v19.11.0.762-testing
v19.11.0.764-testing
v19.11.0.779-testing
v19.11.0.780-testing
v19.11.0.784-testing
v19.11.0.787-testing
v19.11.0.789-testing
v19.11.0.797-testing
v19.11.0.803-testing
v19.11.0.808-testing
v19.11.0.812-testing
v19.11.0.817-testing
v19.11.0.827-testing
v19.11.0.830-prestable
v19.12.1.844-testing
v19.12.1.845-testing
v19.12.1.852-testing
v19.12.1.862-testing
v19.12.1.867-testing
v19.12.1.871-testing
v19.12.1.875-testing
v19.12.1.889-prestable
v19.12.1.890-testing
v19.12.1.894-testing
v19.13.1.1002-testing
v19.13.1.1010-testing
v19.13.1.1015-testing
v19.13.1.1020-testing
v19.13.1.1029-testing
v19.13.1.1037-testing
v19.13.1.1041-testing
v19.13.1.1044-testing
v19.13.1.1046-testing
v19.13.1.1050-testing
v19.13.1.1057-testing
v19.13.1.1060-testing
v19.13.1.1066-testing
v19.13.1.1071-testing
v19.13.1.1084-testing
v19.13.1.1088-testing
v19.13.1.897-testing
v19.13.1.922-testing
v19.13.1.926-testing
v19.13.1.934-testing
v19.13.1.940-testing
v19.13.1.943-testing
v19.13.1.948-testing
v19.13.1.955-testing
v19.13.1.961-testing
v19.13.1.967-testing
v19.13.1.974-testing
v19.13.1.994-testing
v19.14.1.1104-testing
v19.14.1.1112-testing
v19.14.1.1129-testing
v19.14.1.1138-testing
v19.14.1.1144-testing
v19.14.1.1163-testing
v19.14.1.1171-testing
v19.14.1.1175-testing
v19.14.1.1176-testing
v19.14.1.1180-testing
v19.14.1.1184-testing
v19.14.1.1190-testing
v19.14.1.1203-testing
v19.14.1.1205-testing
v19.14.1.1219-testing
v19.14.1.1225-testing
v19.14.1.1229-testing
v19.14.1.1233-testing
v19.14.1.1235-testing
v19.14.1.1238-testing
v19.14.1.1246-testing
v19.14.1.1254-testing
v19.14.1.1259-testing
v19.14.1.1266-testing
v19.14.1.1270-testing
v19.14.2.2-prestable
v19.2.0-testing
v19.3.1-testing
v19.3.2-testing
v19.3.3-stable
v19.3.3-testing
v19.3.4-stable
v19.3.4-testing
v19.4.0.49-stable
v19.4.0.49-testing
v19.5.1.246-testing
v19.6.1.357-testing
v19.7.1.403-testing
v19.8.1.562-testing
v19.9.1.585-testing
v19.9.1.586-testing
v19.9.1.587-testing
v19.9.1.589-testing
v19.9.1.591-testing
v19.9.1.592-testing
v19.9.1.594-testing
v19.9.1.600-testing
v19.9.1.604-testing
v19.9.1.616-testing
v19.9.1.617-testing
v19.9.1.620-testing
v19.9.1.622-testing
v19.9.1.623-testing
v19.9.1.628-testing
v19.9.1.630-testing
v19.9.1.632-testing
v19.9.1.633-testing
v19.9.1.644-testing

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15024.json"