CVE-2024-49750— Snowflake Connector for Python has sensitive data in logs
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-49750
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Snowflake Connector for Python has sensitive data in logs
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo passcodes (when specified via the `passcode` parameter) and Azure SAS tokens. Additionally, the SecretDetector logging formatter, if enabled, contained bugs which caused it to not fully redact JWT tokens and certain private key formats. Snowflake released version 3.12.3 of the Snowflake Connector for Python, which fixes the issue. In addition to upgrading, users should review their logs for any potentially sensitive information that may have been captured.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过日志文件的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Snowflake Connector for Python 日志信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Snowflake Connector for Python是Snowflake Computing开源的一个接口。用于开发可以连接到 Snowflake 并执行所有标准操作的 Python 应用程序。 Snowflake Connector for Python 3.12.3之前版本存在日志信息泄露漏洞,该漏洞源于当用户将日志级别设置为DEBUG时,可能会记录Duo passcodes和Azure SAS令牌。如果启用了SecretDetector日志格式化器,则其中的错误导致其无法完全屏蔽JWT令牌和
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| snowflakedb | snowflake-connector-python | < 3.12.3 | - |
II. Public POCs for CVE-2024-49750
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-49750
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: snowflake-connector-python
- CVE-2025-24795
The Snowflake Connector for Python uses insecure cache files - CVE-2025-24794
The Snowflake Connector for Python uses insecure deserializa - CVE-2025-24793
Snowflake Connector for Python has an SQL Injection in write - CVE-2023-34233
Snowflake Python Connector vulnerable to Command Injection - CVE-2022-42965
Exponential ReDoS in snowflake-connector-python leads to den
Same vendor: snowflakedb
- CVE-2026-3293
snowflakedb snowflake-jdbc JDBC URL SdkProxyRoutePlanner.jav - CVE-2025-46329
Snowflake Connector for C/C++ inserts client-side encryption - CVE-2025-46330
Snowflake Connector for C/C++ retries malformed requests - CVE-2025-46328
NodeJS Driver for Snowflake has race condition when checking - CVE-2025-46327
Go Snowflake Driver has race condition when checking access
Same weakness: CWE-532
- CVE-2026-42282
n8n-MCP: Sensitive MCP tool-call arguments logged on authent - CVE-2026-41495
n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Req - CVE-2026-41004
VMware Spring Cloud Config 日志信息泄露漏洞 - CVE-2024-30151
HCL BigFix Service Management (SM) is susceptible to Broken - CVE-2026-7824
PaperCut Hive (Ricoh): Plain text password in logs
V. Comments for CVE-2024-49750
No comments yet