Snowflake Connector
CVE-2023-51662
HIGH
Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5.
AnalysisAI
The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-295. The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5. Affected products include: Snowflake Snowflake Connector. Version information: version 2.1.5..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Snowflake Connector
View allAn exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI pack
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflak
snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) b
snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 vi
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflak
snowflake-connector-net is the Snowflake Connector for .NET. Rated low severity (CVSS 3.3), this vulnerability is low at
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Rated low severity (CVSS 3.3), this vulnerability is low at
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflak
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflak
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflak
snowflake-connector-net is the Snowflake Connector for .NET. Rated medium severity (CVSS 5.0), this vulnerability is low
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Rated medium severity (CVSS 4.4), this vulnerability is low
Same weakness CWE-295 – Improper Certificate Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today