Описание
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential caching is enabled, the Snowflake Connector for Python will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 2.3.7 through 3.13.0. Snowflake fixed the issue in version 3.13.1.
Уязвимые конфигурации
Конфигурация 1Версия от 2.3.7 (включая) до 3.13.1 (исключая)
Одновременно
cpe:2.3:a:snowflake:snowflake_connector:*:*:*:*:*:python:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
EPSS
Процентиль: 10%
0.00036
Низкий
4.4 Medium
CVSS3
5.5 Medium
CVSS3
Дефекты
CWE-276
Связанные уязвимости
CVSS3: 4.4
github
около 1 года назад
snowflake-connector-python vulnerable to insecure cache files permissions
EPSS
Процентиль: 10%
0.00036
Низкий
4.4 Medium
CVSS3
5.5 Medium
CVSS3
Дефекты
CWE-276