You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When toggling between user roles while using ClickHouse with query cache enabled, there is a risk of obtaining inaccurate data. ClickHouse advises users with vulnerable versions of ClickHouse not to use the query cache when their application dynamically switches between various roles.
Fix has been pushed to the following open-source versions: v24.1.1.2048. LTS versions will receive backport fixes in the upcoming release, we are recommending turning off query cache if your application switches between user roles for managing permissions for now.
ClickHouse Cloud uses different versioning and a fix for this vulnerability was applied at v24.0.2.54535.
Credits: Evan Johnson and Alan Braithwaite from RunReveal team
## Fixed in ClickHouse v23.10.5.20, 2023-11-26 {#fixed-in-clickhouse-release-23-10-5-20-2023-11-26}
