Base Score

MEDIUM5.9

CVE-2024-43382

Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption.

VectorNETWORK

Published Bycve@mitre.org

Published DateOct 30, 2024, 21:15

Affected Versions(1)

net.snowflake:snowflake-jdbc(Maven)

Introduced3.2.6

Fixed3.20.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
net.snowflake:snowflake-jdbc(Maven)	3.2.6	3.20.0	N/A

Weakness Type (CWE):CWE-326

CVSS Metrics

Base Score

5.9

Vector String

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

NONE

References

https://github.com/snowflakedb/snowflake-jdbc/security/advisories/GHSA-f686-hw9c-xw9c

Base Score

MEDIUM5.9

Weakness Type (CWE):CWE-326

CVSS Metrics

Base Score

5.9

Vector String

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

NONE