CVE-2024-22412

CVSS 3.1 Score 2.4 of 10 (low)

Details

Published Mar 18, 2024
Updated: Mar 19, 2024
CWE ID 863

Summary

CVE-2024-22412 is a vulnerability that affects the cloud ClickHouse offering prior to version 24.0.2.54535 and github.com/clickhouse/clickhouse version 23.1. It allows attackers with control of a role to bypass role-based access controls and policies being enforced on roles through query caching. This means that they can guess queries and potentially access data they shouldn't have access to. The issue has been patched in version 24.1 of ClickHouse and version 24.0.2.54535 of ClickHouse Cloud. The vulnerability has a base severity of LOW and a CVSSv3 score of 2.4, with confidentiality impact rated as LOW, while exploitability score is 0.9, indicating a high likelihood of exploitation if the vulnerability is not remediated promptly by affected organizations using ClickHouse database management system.

(Note: The information provided here is based on the given text and does not reflect any additional research or knowledge)

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-22412 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options