CVE-2024-23689: 
Java vulnerability analysis and mitigation

A sensitive information exposure vulnerability (CVE-2024-23689) affects ClickHouse's clickhouse-r2dbc, clickhouse-jdbc, and clickhouse-client packages versions less than 0.4.6. The vulnerability was discovered and disclosed in early 2024, allowing unauthorized users to gain access to client certificate passwords through client exception logs (MITRE CVE, NVD).

The vulnerability occurs when client certificate authentication is enabled with password protection and 'sslkey' is specified. During the handling of exceptions (such as ClickHouseException or SQLException), the client certificate password is inadvertently exposed in the exception message. This exposure happens when an exception is thrown during database operations, resulting in the password being included in logged exception messages (GitHub Advisory).

The vulnerability enables attackers with access to client exception error messages or logs to obtain client certificate passwords. This access could potentially lead to unauthorized access to sensitive information, data manipulation, and denial of service attacks. The severity of the impact depends on the specific implementation and usage of the affected systems (GitHub Advisory).

The vulnerability has been patched in version 0.4.6 of the affected packages. Users are strongly recommended to upgrade to this version or later to address the security issue (FortiGuard).