CVE-2024-23689

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 19, 2024
Updated: Jan 26, 2024
CWE ID 209

Summary

CVE-2024-23689 is a vulnerability that affects ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6. It exposes sensitive information in exceptions, allowing unauthorized users to gain access to client certificate passwords through client exception logs. This vulnerability occurs when 'sslkey' is specified and an exception is thrown during database operations. The certificate password is then included in the logged exception message. To remediate this vulnerability, organizations should update their affected products to version 0.4.6 or higher. This vulnerability poses a high danger to organizations as it can lead to unauthorized access and compromise of sensitive information.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-23689 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options