Arbitrary File Read Vulnerability in ClickHouse Functions for Loading CatBoost Models

Arbitrary File Read Vulnerability in ClickHouse Functions for Loading CatBoost Models

CVE-2018-14672 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.

Learn more about our Web Application Penetration Testing UK.