AI PRP: clickhouse exposed API with weak/default credentials #464
Labels
ai-bounty-prp
Identify an AI bounty plugin
Comments
lanced00m
changed the title
|
@lanced00m does the clickhouse API supports arbitrary command execution or just SQL cmds? |
|
@maoning I didn't find a way to execute an OS command with the help of SQL cmds. but it is still a critical bug. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
one of the main use cases of Clickhouse is in Machine Learning & GenAI.
the default username and password exist for clickhouse especially when you set it up with docker containers.
docker hub: https://hub.docker.com/r/clickhouse/clickhouse-server/
documentation: https://clickhouse.com/docs/en/install#from-docker-image
GitHub repository: https://github.com/ClickHouse/ClickHouse
Also, there is a simple UI that is part of the main API:
The text was updated successfully, but these errors were encountered: