CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46329 – Snowflake Connector for C/C++ inserts client-side encryption key in DEBUG logs
https://notcve.org/view.php?id=CVE-2025-46329
29 Apr 2025 — libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. This issue has been patched i... • https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46330 – Snowflake Connector for C/C++ retries malformed requests
https://notcve.org/view.php?id=CVE-2025-46330
29 Apr 2025 — libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able to be retried. This could hang the application until SF_CON_MAX_RETRY requests were sent. This issue has been patched in version 2.2.0. • https://github.com/snowflakedb/libsnowflakeclient/pull/882/commits/8120a057e041722e114ed2c5dbed3b5a649f72e2 • CWE-573: Improper Following of Specification by Caller •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46328 – NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file
https://notcve.org/view.php?id=CVE-2025-46328
28 Apr 2025 — snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS the Driver reads logging configuration from a user-provided file. On Linux and macOS the Driver verifies that the configuration file can be written to only by its owner. That check was vulnerable to a TOCTOU race condition and failed to verify that the file owner matches the... • https://github.com/snowflakedb/snowflake-connector-nodejs/commit/e94c24112271e1f44c271634bf29a3188acc68d0 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46327 – Go Snowflake Driver has race condition when checking access to Easy Logging configuration file
https://notcve.org/view.php?id=CVE-2025-46327
28 Apr 2025 — gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided file. On Linux and macOS the Driver verifies that the configuration file can be written to only by its owner. That check was vulnerable to a TOCTOU race condition and failed to verify that the file owner matches the user running th... • https://github.com/snowflakedb/gosnowflake/commit/ba94a4800e23621eff558ef18ce4b96ec5489ff0 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46326 – Snowflake Connector for .NET has race condition when checking access to Easy Logging configuration file
https://notcve.org/view.php?id=CVE-2025-46326
28 Apr 2025 — snowflake-connector-net is the Snowflake Connector for .NET. Versions starting from 2.1.2 to before 4.4.1, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Connector reads logging configuration from a user-provided file. On Linux and macOS, the Connector verifies that the configuration file can be written to only by its owner. That check was vulnerable to a TOCTOU race condition and failed to verify that the file owner matc... • https://github.com/snowflakedb/snowflake-connector-net/commit/393aad3cfa81045a05dd488944db45256e861bff • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27496 – Snowflake JDBC Driver client-side encryption key in DEBUG logs
https://notcve.org/view.php?id=CVE-2025-27496
13 Mar 2025 — Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snow... • https://github.com/snowflakedb/snowflake-jdbc/commit/ef81582ce2f1dbc3c8794a696c94f4fe65fad507 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24795 – The Snowflake Connector for Python uses insecure cache files permissions
https://notcve.org/view.php?id=CVE-2025-24795
29 Jan 2025 — The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential caching is enabled, the Snowflake Connector for Python will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 2.3.7 through 3.13.0. Snowflake fixed the issue in version 3... • https://github.com/snowflakedb/snowflake-connector-python/commit/3769b43822357c3874c40f5e74068458c2dc79af • CWE-276: Incorrect Default Permissions •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24794 – The Snowflake Connector for Python uses insecure deserialization of the OCSP response cache
https://notcve.org/view.php?id=CVE-2025-24794
29 Jan 2025 — The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the serialization format, potentially leading to local privilege escalation. This vulnerability affects versions 2.7.12 through 3.13.0. Snowflake fixed the issue in version 3.13.1. • https://github.com/snowflakedb/snowflake-connector-python/commit/3769b43822357c3874c40f5e74068458c2dc79af • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24793 – Snowflake Connector for Python has an SQL Injection in write_pandas
https://notcve.org/view.php?id=CVE-2025-24793
29 Jan 2025 — The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the snowflake.connector.pandas_tools module is vulnerable to SQL injection. This vulnerability affects versions 2.2.5 through 3.13.0. Snowflake fixed the issue in version 3.13.1. • https://github.com/snowflakedb/snowflake-connector-python/commit/f3f9b666518d29c31a49384bbaa9a65889e72056 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24788 – Snowflake Connector for .NET has weak temporary files permissions
https://notcve.org/view.php?id=CVE-2025-24788
29 Jan 2025 — snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine. This vulnerability affects versions 2.0.12 through 4.2.0 on Linux and macOS. Snowflake fixed the issue in version 4.3.0. • https://github.com/snowflakedb/snowflake-connector-net/commit/89d91e8316ca213c5d184bcf469ed93977a5edf9 • CWE-276: Incorrect Default Permissions •