CVE-2024-49750

Advisory

Affected versions of Snowflake Connector for Python are vulnerable to Sensitive Information Exposure (CWE-532). The connector was logging sensitive authentication data including tokens, private keys, and credentials in debug logs. An attacker with access to log files could extract authentication tokens, private keys, and other sensitive data. The vulnerability exists in the Auth class logging functionality and insufficient secret detection patterns. This is exploitable wherever debug logging is enabled. The issue affects _auth.py and secret_detector.py modules, which failed to properly mask all sensitive data formats. Organizations should also rotate any credentials that may have been logged in debug output.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

• https://github.com/advisories/GHSA-5vvg-pvhp-hv2m
• https://github.com/snowflakedb/snowflake-connector-python/commit/dbc9284a3c0382c131b971b35e8d6ab93c46f37a
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49750