CVE-2024-22412

Summary

CVE-2024-22412 is a vulnerability that affects the cloud ClickHouse offering prior to version 24.0.2.54535 and github.com/clickhouse/clickhouse version 23.1. It allows attackers with control of a role to bypass role-based access controls and policies being enforced on roles through query caching. This means that they can guess queries and potentially access data they shouldn't have access to. The issue has been patched in version 24.1 of ClickHouse and version 24.0.2.54535 of ClickHouse Cloud. The vulnerability has a base severity of LOW and a CVSSv3 score of 2.4, with confidentiality impact rated as LOW, while exploitability score is 0.9, indicating a high likelihood of exploitation if the vulnerability is not remediated promptly by affected organizations using ClickHouse database management system. (Note: The information provided here is based on the given text and does not reflect any additional research or knowledge)

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.