CVE-2024-23689
Published: Jan 19, 2024
Modified: Nov 29, 2025
Description
Exposure of sensitive information in exceptions in ClickHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when 'sslkey' is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message.
| Vendor | Product | Versions |
|---|---|---|
| Unknown | com.clickhouse:clickhouse-r2dbc | affected 0 - < 0.4.6 |
| Unknown | com.clickhouse:clickhouse-jdbc | affected 0 - < 0.4.6 |
| Unknown | com.clickhouse:clickhouse-client | affected 0 - < 0.4.6 |
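
To check a build against the affected range above, the following added example (not part of the original advisory or of the ClickHouse project) scans `mvn dependency:list` output for the three listed artifacts below 0.4.6. The function names and the sample output are constructed for illustration, and the version comparison assumes that only the leading numeric part of a version matters.

```python
import re

# Affected coordinates and first fixed version, taken from the advisory table.
AFFECTED = {
    "com.clickhouse:clickhouse-r2dbc",
    "com.clickhouse:clickhouse-jdbc",
    "com.clickhouse:clickhouse-client",
}
FIXED = (0, 4, 6)

# group:artifact:type[:classifier]:version:scope as printed by `mvn dependency:list`
COORD = re.compile(r"[\w.\-]+(?::[\w.\-]+){4,5}")

def numeric_version(version):
    """Leading dotted integers, e.g. '0.3.2-patch11' -> (0, 3, 2).
    Assumption: qualifiers after the numeric part are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(0).split("."))
    return parts + (0,) * (3 - len(parts))  # pad '0.4' to (0, 4, 0)

def find_affected(dependency_list_text):
    """Return (group:artifact, version) pairs that fall in the affected range."""
    findings = []
    for line in dependency_list_text.splitlines():
        m = COORD.search(line)
        if not m:
            continue
        fields = m.group(0).split(":")
        coordinate = f"{fields[0]}:{fields[1]}"
        version = fields[-2]  # version is second to last with or without classifier
        if coordinate not in AFFECTED:
            continue
        parsed = numeric_version(version)
        # Unparseable versions are reported too, so they get a manual look.
        if parsed is None or parsed < FIXED:
            findings.append((coordinate, version))
    return findings

# Constructed sample output, not taken from a real project.
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    com.clickhouse:clickhouse-jdbc:jar:0.4.2:compile
[INFO]    com.clickhouse:clickhouse-client:jar:0.4.6:compile
[INFO]    com.clickhouse:clickhouse-r2dbc:jar:0.3.2-patch11:runtime
[INFO]    com.clickhouse:clickhouse-jdbc:jar:http:0.5.0:compile
[INFO]    org.slf4j:slf4j-api:jar:2.0.9:compile
"""

if __name__ == "__main__":
    for coordinate, version in find_affected(SAMPLE):
        print(f"affected: {coordinate} {version} (upgrade to 0.4.6 or later)")
```

Services that ran an affected version with 'sslkey' set may already have the certificate password in their exception logs, so those logs are worth reviewing alongside the upgrade.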
Weaknesses (CWE)
References