Home > Vulnerability Database > WS-2023-0139

Mend.io Vulnerability Database

WS-2023-0139

Good to know:

Date: August 19, 2025

ClickHouse before 0.4.6 is vulnerable to client certificate password exposure in client exception. This vulnerability enables an attacker with access to client exception error messages or logs to obtain client certificate passwords, potentially allowing unauthorized access to sensitive information, data manipulation, and denial of service attacks. The extent of the risk depends on the specific implementation and usage of the affected systems. However, any exposure of client certificate passwords should be treated as a high-priority security concern.

Language: Java

Severity Score

4.8

Related Resources (7)

Url: https://github.com/ClickHouse/clickhouse-java/issues/1331

Url: https://github.com/ClickHouse/clickhouse-java/commit/23bd399378e0d968c5766460e86d68624c6d04a8

Url: https://github.com/ClickHouse/clickhouse-java/security/advisories/GHSA-g8ph-74m6-8m7r

Url: https://github.com/ClickHouse/clickhouse-java

Url: https://github.com/ClickHouse/clickhouse-java/pull/1334

Url: https://github.com/ClickHouse/clickhouse-java/releases/tag/v0.4.6

Url: https://www.mend.io/vulnerability-database/WS-2023-0139

Severity Score

4.8

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2023-0139

Good to know:

Date: August 19, 2025

Language: Java

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?