If the Attacker Has Write Access to Zookeeper and Is Able to Run Custom Server Available from the Network Where Clickhouse Run, It Can Create Custom-built Malicious Server That Will Act as Clickhouse Replica and Register It in Zookeeper

If the attacker has write access to ZooKeeper and is able to run custom server available from the network where ClickHouse run, it can create custom-built malicious server that will act as ClickHouse replica and register it in ZooKeeper. When another replica will fetch data part from malicious replica, it can force clickhouse-server to write to arbitrary path on filesystem. Found by Eldar Zaitov, information security team at Yandex. #6247 (alexey-milovidov)