Skip to main content

Snowflake Connector CVE-2023-51662

HIGH
Improper Certificate Validation (CWE-295)
2023-12-22 security-advisories@github.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 22, 2023 - 17:15 nvd
HIGH 7.5

DescriptionNVD

The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5.

AnalysisAI

The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-295. The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5. Affected products include: Snowflake Snowflake Connector. Version information: version 2.1.5..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-42965 HIGH POC
7.5 Nov 09

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI pack

CVE-2023-34233 HIGH
8.8 Jun 08

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflak

CVE-2023-34232 HIGH
8.8 Jun 08

snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) b

CVE-2023-34230 HIGH
8.8 Jun 08

snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 vi

CVE-2024-49750 MEDIUM
5.5 Oct 24

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflak

CVE-2025-46326 LOW
3.3 Apr 28

snowflake-connector-net is the Snowflake Connector for .NET. Rated low severity (CVSS 3.3), this vulnerability is low at

CVE-2025-46328 LOW
3.3 Apr 28

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Rated low severity (CVSS 3.3), this vulnerability is low at

CVE-2025-24795 MEDIUM
4.4 Jan 29

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflak

CVE-2025-24794 MEDIUM
6.7 Jan 29

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflak

CVE-2025-24793 HIGH
7.0 Jan 29

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflak

CVE-2025-24788 MEDIUM
5.0 Jan 29

snowflake-connector-net is the Snowflake Connector for .NET. Rated medium severity (CVSS 5.0), this vulnerability is low

CVE-2025-24791 MEDIUM
4.4 Jan 29

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Rated medium severity (CVSS 4.4), this vulnerability is low

Share

CVE-2023-51662 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy