Lucene search
Veracode Vulnerability DatabaseVERACODE:40845HistoryJun 09, 2023 - 7:28 a.m.
Command Injection
2023-06-0907:28:37
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
snowflake.data
command injection
url filter
attackers
sso server
code injection
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
66.1%
snowflake.data is vulnerable to Command Injection. The vulnerability is due to an improper URL filter, which allows an attacker to create a rouge SSO server which when a user connects to results in code injection.
| CPE | Name | Operator | Version |
|---|---|---|---|
| snowflake.data | le | 2.0.17 | |
| snowflake.data | le | 2.0.17 |
Related
prion
prion
Command injection
2023-06-08 21:15:00
osv
osv
Snowflake Connector .Net Command Injection
2023-06-09 22:40:23
CVE-2023-34230
2023-06-08 21:15:17
cvelist
cvelist
CVE-2023-34230 Snowflake Connector vulnerable to Command Injection
2023-06-08 20:29:50
github
github
Snowflake Connector .Net Command Injection
2023-06-09 22:40:23
cve
cve
CVE-2023-34230
2023-06-08 21:15:17
nvd
nvd
CVE-2023-34230
2023-06-08 21:15:17
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
66.1%
Related for VERACODE:40845