alt Hacker NewsWow, chapeau to the author.
What an elegant, interesting read.
What I don't quite understand: Why is the Clickhouse bug not given more scrutiny?
Like that escape bug was what made the RCE possible and certainly a core DB company like ClickHouse should be held accountable for such an oversight?
Replies
simonw • yesterday at 1:38 AM
The ClickHouse bug was fixed here: https://github.com/ClickHouse/ClickHouse/pull/74144
ssrf was the entry point, and clickhouse is supposed to be an internal only service, but one could reach it only with that ssrf, so hence less of "scrutiny". The 0day by itself wouldnt be useful, unless an attacker can reach clickhouse, which they usually can't.