mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-24 08:32:02 +00:00
Merge pull request #25863 from Karneades/patch-1
Fix small typo in security changelog
This commit is contained in:
commit
a83e4f7b3e
@ -7,7 +7,7 @@ toc_title: Security Changelog
|
|||||||
|
|
||||||
### CVE-2019-15024 {#cve-2019-15024}
|
### CVE-2019-15024 {#cve-2019-15024}
|
||||||
|
|
||||||
Аn attacker that has write access to ZooKeeper and who ican run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from the malicious replica, it can force clickhouse-server to write to arbitrary path on filesystem.
|
Аn attacker that has write access to ZooKeeper and who can run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from the malicious replica, it can force clickhouse-server to write to arbitrary path on filesystem.
|
||||||
|
|
||||||
Credits: Eldar Zaitov of Yandex Information Security Team
|
Credits: Eldar Zaitov of Yandex Information Security Team
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user