Snowflake Connector For Python
Monthly
Improper TLS hostname verification in the Snowflake Connector for Python (versions before 4.7.1) lets an on-path attacker defeat HTTPS certificate validation, accepting any certificate signed by any trusted CA regardless of the requested hostname. An adversary who can intercept traffic can decrypt and tamper with connector sessions, exposing Snowflake credentials, query results, and staged file data, and can inject arbitrary SQL bounded by the victim role's privileges. There is no public exploit identified at time of analysis and it is not on CISA KEV, but the reporting vendor (Snowflake) rates it CVSS 4.0 9.2.
Improper TLS hostname verification in the Snowflake Connector for Python (versions before 4.7.1) lets an on-path attacker defeat HTTPS certificate validation, accepting any certificate signed by any trusted CA regardless of the requested hostname. An adversary who can intercept traffic can decrypt and tamper with connector sessions, exposing Snowflake credentials, query results, and staged file data, and can inject arbitrary SQL bounded by the victim role's privileges. There is no public exploit identified at time of analysis and it is not on CISA KEV, but the reporting vendor (Snowflake) rates it CVSS 4.0 9.2.