CVE-2024-43382

MEDIUM

Snowflake JDBC 3.2.6-3.19.1 - Inadequate Encryption Strength in Client-Side Encryption

Title source: llm

Description

Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption.

References (1)

Core 1

Core References

Vendor Advisory

https://github.com/snowflakedb/snowflake-jdbc/security/advisories/GHSA-f686-hw9c-xw9c

Scores

CVSS v3 5.9

EPSS 0.0017

EPSS Percentile 7.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-326

Status published

Products (2)

net.snowflake/snowflake-jdbc 3.2.6 - 3.20.0Maven

snowflake/snowflake_jdbc 3.2.6 - 3.20.0

Published Oct 30, 2024

Tracked Since Feb 18, 2026