CVE-2024-43382
Description
Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Snowflake JDBC driver versions 3.2.6 to 3.19.1 have an incorrect security setting that bypasses client-side encryption for stages on Azure and GCP with 256-bit key size.
Vulnerability Description
CVE-2024-43382 is an incorrect security setting in the Snowflake JDBC driver that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client-side encryption [1][3]. This issue affects driver versions >=3.2.6 and <=3.19.1, but only manifests in specific configurations: accounts hosted on Azure or Google Cloud Platform (GCP) deployments where the CLIENT_ENCRYPTION_KEY_SIZE account parameter is set to 256-bit instead of the default 128-bit [3]. AWS deployments are not affected [3].
Exploitation Conditions
To exploit this vulnerability, an attacker must have access to a Snowflake account that uses a vulnerable JDBC driver version and has a non-default encryption key size setting [3]. The data remains protected by TLS in transit and server-side encryption at rest, so the missing layer is the additional client-side encryption [3]. The issue is not visible to customers and does not result in data exposure beyond the lack of this extra protection [3].
Impact
The impact is that data may lack the additional encryption layer intended by client-side encryption, though it is still secured by TLS and server-side encryption [3]. The severity is assessed as medium with a CVSSv3 base score of 5.9 [3].
Mitigation
Snowflake released a patch in JDBC driver version 3.20.0 on October 28, 2024, which fixes the incorrect security setting [3]. Users are strongly recommended to upgrade to 3.20.0 or later versions as soon as possible [3].
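A triage check built from the conditions and fix version stated above, as an added example that is not code from Snowflake or from the advisory. It assumes the input is text from `mvn dependency:tree` and that the operator supplies the account's cloud and its CLIENT_ENCRYPTION_KEY_SIZE value; the function names and status strings are hypothetical.

```python
import re

# Bounds taken from the advisory text above: affected >= 3.2.6, fixed in 3.20.0.
FIRST_AFFECTED = (3, 2, 6)
FIRST_FIXED = (3, 20, 0)
AFFECTED_CLOUDS = {"azure", "gcp"}   # AWS deployments are not affected
TRIGGER_KEY_SIZE = 256               # non-default CLIENT_ENCRYPTION_KEY_SIZE

# Matches the coordinate Maven prints in `mvn dependency:tree`:
#   groupId:artifactId:type:version[:scope]
COORD = re.compile(r"net\.snowflake:snowflake-jdbc:jar:(\d+(?:\.\d+)*)")


def driver_versions(dependency_tree: str) -> list[tuple[int, ...]]:
    """Return every snowflake-jdbc version found, as comparable int tuples."""
    found = []
    for match in COORD.finditer(dependency_tree):
        parts = [int(p) for p in match.group(1).split(".")]
        parts += [0] * (3 - len(parts))       # pad "3.20" to (3, 20, 0)
        found.append(tuple(parts))
    return found


def triage(dependency_tree: str, cloud: str, key_size: int) -> str:
    """Classify one application/account pair against CVE-2024-43382."""
    versions = driver_versions(dependency_tree)
    if not versions:
        return "driver-not-found"
    vulnerable = [v for v in versions if FIRST_AFFECTED <= v < FIRST_FIXED]
    if not vulnerable:
        return "not-affected"
    if cloud.lower() in AFFECTED_CLOUDS and key_size == TRIGGER_KEY_SIZE:
        return "exposed"          # uploads may have skipped client-side encryption
    return "upgrade-recommended"  # vulnerable build, trigger condition absent


# Constructed sample input, not output from a real build.
SAMPLE_TREE = """\
[INFO] com.example:loader:jar:1.0.0
[INFO] +- net.snowflake:snowflake-jdbc:jar:3.19.1:compile
[INFO] \\- org.slf4j:slf4j-api:jar:2.0.13:compile
"""

if __name__ == "__main__":
    for cloud, size in (("azure", 256), ("gcp", 128), ("aws", 256)):
        print(cloud, size, triage(SAMPLE_TREE, cloud, size))
```

A result of "upgrade-recommended" means the driver build is in the affected range but the Azure/GCP plus 256-bit condition is not met for that account.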
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| net.snowflake:snowflake-jdbc (Maven) | >= 3.2.6, < 3.20.0 | 3.20.0 |
Affected products
- Snowflake/JDBC driver
- (no CPE) range: < 472-r0
- (no CPE) range: >= 3.2.6, < 3.20.0