3.3

CVE-2025-46329

EPSS 0.04%
Veröffentlicht 29.04.2025 04:35:49
Zuletzt bearbeitet 09.05.2025 19:37:56
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. This issue has been patched in version 2.2.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.13

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://github.com/snowflakedb/libsnowflakeclient/security/advisories/GHSA-jx4f-645p-wjpx

Vendor Advisory

https://github.com/snowflakedb/libsnowflakeclient/commit/3caa8a6a3ee95e0a66ead03b4bf6a2d1ca42ebfe

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-46329

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-46329

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-46329

EUVD