Description
The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET in which checks against the Certificate Revocation List (CRL) were not performed when the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions 2.0.25 through 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/snowflakedb/snowflake-connector-net/security/advisories/GHSA-hwcc-4cv8-cf3h
Release Notes x_refsource_misc
https://docs.snowflake.com/release-notes/clients-drivers/dotnet-2023#version-2-1-5-december-18-2023
Scores
CVSS v3
6.0
EPSS
0.0027
EPSS Percentile
50.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
Details
CWE
CWE-295
Status
published
Products (2)
nuget/Snowflake.Data
2.0.25 - 2.1.5 (NuGet)
snowflake/snowflake_connector
2.0.25 - 2.1.5
Published
Dec 22, 2023
Tracked Since
Feb 18, 2026