Published: 08/06/2023 Updated: 20/06/2023

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 2.0.18 fixes this issue.

Vulnerable Product	Search on Vulmon	Subscribe to Product
snowflake snowflake connector

Little test project for generating a SBOM.

SBOM Test Testprojekt für die Bereitstellung einer SBOM (= Software Bill Of Material) [TOC] Motivation Die Solution SbomTest dient als Ausgangspunkt für die Erstellung einer SBOM Die Solution verwendet verschiedene Komponenten/Bibliotheken, die via NuGet eingebunden werden Einige weisen bekannte Sicherheitsprobleme auf und/oder sind veraltet Details siehe unten A

CWE-77 https://github.com/snowflakedb/snowflake-connector-net/security/advisories/GHSA-223g-8w3x-98wr https://nvd.nist.gov https://github.com/aargenveldt/SbomTest

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-34230

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect