VYPR
Moderate severityNVD Advisory· Published Jan 29, 2025· Updated Jan 31, 2025

Snowflake Connector for .NET has weak temporary files permissions

CVE-2025-24788

Description

snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine. This vulnerability affects versions 2.0.12 through 4.2.0 on Linux and macOS. Snowflake fixed the issue in version 4.3.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Snowflake.DataNuGet
>= 2.0.12, < 4.3.04.3.0

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.