CVE-2018-14669 (NVD)

2019-08-15

ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server.

Products Clickhouse
Type Information Exposure (CWE-200)
First patch - None (likely due to unavailable code)
Links https://clickhouse.yandex/docs/en/security_changelog/