The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo passcodes (when specified via the `passcode` parameter) and Azure SAS tokens. Additionally, the SecretDetector logging formatter, if enabled, contained bugs which caused it to not fully redact JWT tokens and certain private key formats. Snowflake released version 3.12.3 of the Snowflake Connector for Python, which fixes the issue. In addition to upgrading, users should review their logs for any potentially sensitive information that may have been captured.
References
Configurations
History
06 Nov 2024, 14:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/snowflakedb/snowflake-connector-python/commit/dbc9284a3c0382c131b971b35e8d6ab93c46f37a - Patch | |
References | () https://github.com/snowflakedb/snowflake-connector-python/security/advisories/GHSA-5vvg-pvhp-hv2m - Vendor Advisory | |
First Time |
Snowflake
Snowflake snowflake Connector |
|
CPE | cpe:2.3:a:snowflake:snowflake_connector:*:*:*:*:*:python:*:* |
25 Oct 2024, 12:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
24 Oct 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-24 22:15
Updated : 2024-11-06 14:58
NVD link : CVE-2024-49750
Mitre link : CVE-2024-49750
CVE.ORG link : CVE-2024-49750
JSON object : View
Products Affected
snowflake
- snowflake_connector
CWE
CWE-532
Insertion of Sensitive Information into Log File