CVE-2024-28851

Elevation of privilege in Snowflake Hive MetaStore Connector Helper script

Severity Score

4.0

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Snowflake Hive MetaStore Connector has addressed a potential elevation of privilege vulnerability in a `helper script` for the Hive MetaStore Connector. A malicious insider without admin privileges could, in theory, use the script to download content from a Microsoft domain to the local system and replace the valid content with malicious code. If the attacker then also had local access to the same system where the maliciously modified script is run, they could attempt to manipulate users into executing the attacker-controlled helper script, potentially gaining elevated privileges to the local system. The vulnerability in the script was patched on February 09, 2024, without a version bump to the Connector. User who use the helper script are strongly advised to use the latest version as soon as possible. Users unable to upgrade should avoid using the helper script.

El conector de metastore de Snowflake Hive proporciona una forma sencilla de consultar datos administrados por Hive a través de Snowflake. Snowflake Hive MetaStore Connector ha abordado una posible vulnerabilidad de elevación de privilegios en un "script de ayuda" para Hive MetaStore Connector. En teoría, un usuario interno malicioso sin privilegios de administrador podría usar el script para descargar contenido de un dominio de Microsoft al sistema local y reemplazar el contenido válido con código malicioso. Si el atacante también tuviera acceso local al mismo sistema donde se ejecuta el script modificado maliciosamente, podría intentar manipular a los usuarios para que ejecuten el script auxiliar controlado por el atacante, obteniendo potencialmente privilegios elevados para el sistema local. La vulnerabilidad en el script se corrigió el 9 de febrero de 2024, sin un aumento de versión en el Conector. Se recomienda encarecidamente a los usuarios que utilicen el script auxiliar que utilicen la última versión lo antes posible. Los usuarios que no puedan actualizar deben evitar utilizar el script de ayuda.

*Credits: N/A

CVSS Scores

GitHubv3.1 4.0

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-03-11 CVE Reserved
2024-03-15 CVE Published
2024-03-16 EPSS Updated
2024-08-28 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-269: Improper Privilege Management

CAPEC

References (3)

URL	Tag	Source
https://github.com/snowflakedb/snowflake-hive-metastore-connector/blob/master/scripts/add_snowflake_hive_metastore_connector_script_action.sh	X_refsource_misc
https://github.com/snowflakedb/snowflake-hive-metastore-connector/commit/dfbf87dff456f6bb62c927711d97316f0c71d8ca	X_refsource_misc
https://github.com/snowflakedb/snowflake-hive-metastore-connector/security/advisories/GHSA-r68p-g2x9-mq7x	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Snowflakedb Search vendor "Snowflakedb"		Snowflake-hive-metastore-connector Search vendor "Snowflakedb" for product "Snowflake-hive-metastore-connector"				*		en		Affected