ClickHouse before 0.4.6 is vulnerable to client certificate password exposure in client exception. This vulnerability enables an attacker with access to client exception error messages or logs to obtain client certificate passwords, potentially allowing unauthorized access to sensitive information, data manipulation, and denial of service attacks. The extent of the risk depends on the specific implementation and usage of the affected systems. However, any exposure of client certificate passwords should be treated as a high-priority security concern.