VYPR
Moderate severityNVD Advisory· Published Jan 29, 2025· Updated Feb 12, 2025

Snowflake JDBC uses insecure temporary credential cache file permissions

CVE-2025-24790

Description

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the Snowflake JDBC Driver will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 3.6.8 through 3.21.0. Snowflake fixed the issue in version 3.22.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
net.snowflake:snowflake-jdbcMaven
>= 3.6.8, < 3.22.03.22.0

Affected products

138

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.

CVE-2025-24790 · moderate · VYPR