Incorrect Security Setting in Snowflake JDBC Driver
CVE-2024-43382

5.9 MEDIUM

Key Information:

Vendor: Snowflake

CVE Published: 30 October 2024

What is CVE-2024-43382?

Snowflake JDBC driver versions 3.2.6 through 3.19.1 contain an incorrect security setting that allows data to be uploaded to an encrypted stage without the additional layer of protection that client-side encryption normally provides. This flaw could expose sensitive information and undermines the guarantees that client-side encryption is meant to give. Users are advised to review their configurations and upgrade to a patched version.

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
