Veracode Vulnerability DatabaseVERACODE:45114Sensitive Information Disclosure
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.1%
clickhouse-client, clickhouse-jdbc and clickhouse-r2dbc are vulnerable to Sensitive Information Disclosure. The client certificate password is revealed while handling a ClickHouseException when sslkey is specified. This exception can be thrown during an execution of a query, which results in password logging inside the exception message.
References
github.com/advisories/GHSA-g8ph-74m6-8m7r
github.com/ClickHouse/clickhouse-java/commit/4f8d9303eb991b39ec7e7e34825241efa082238a
github.com/ClickHouse/clickhouse-java/commit/9a8f7c99a91c9eafedd410cddeb7afe6f69825c9
github.com/ClickHouse/clickhouse-java/issues/1331
github.com/ClickHouse/clickhouse-java/pull/1334
github.com/ClickHouse/clickhouse-java/releases/tag/v0.4.6
github.com/ClickHouse/clickhouse-java/security/advisories/GHSA-g8ph-74m6-8m7r
vulncheck.com/advisories/vc-advisory-GHSA-g8ph-74m6-8m7r
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.1%