Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ClickHouse Client Certificate Password Exposure
Vulnerability Description
Exposure of sensitive information in exceptions in ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when 'sslkey' is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message.
CVSS Information
N/A
Vulnerability Type
通过错误消息导致的信息暴露
Vulnerability Title
ClickHouse 安全漏洞
Vulnerability Description
ClickHouse是ClickHouse公司的用于实时应用程序和分析的速度最快、资源效率最高的开源数据库。 ClichHouse存在安全漏洞。攻击者利用该漏洞通过客户端异常日志获取对客户端证书密码的访问权限。
CVSS Information
N/A
Vulnerability Type
N/A