CVE-2024-43382

MEDIUM

5.9

Description

Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption.

CVE Details

CVSS v3.1 Score5.9

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Attack VectorNETWORK

ComplexityHIGH

Privileges RequiredHIGH

User InteractionNONE

Published10/30/2024

Last Modified8/20/2025

Sourcenvd

Honeypot Sightings0

Affected Products

snowflake:snowflake_jdbc

Weaknesses (CWE)

CWE-326

References

https://github.com/snowflakedb/snowflake-jdbc/security/advisories/GHSA-f686-hw9c-xw9c(cve@mitre.org)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.