GHSA-XFHV-WQJ6-RX99

Vulnerability from github – Published: 2025-01-29 18:42 – Updated: 2025-08-21 04:04
VLAI?
Summary
snowflake-sdk may incorrectly validate temporary credential cache file permissions
Details

Issue

Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory.

This vulnerability affects versions 1.12.0 through 2.0.1 on Linux. Snowflake fixed the issue in version 2.0.2.

Vulnerability Details

On Linux, when either EXTERNALBROWSER or USERNAME_PASSWORD_MFA authentication methods are used with temporary credential caching enabled, the Snowflake NodeJS Driver will cache temporary credentials in a local file. Due to a bug, the check verifying that the cache file can be accessed only by the user running the Driver always succeeded, but didn’t verify the permissions or the ownership correctly. An attacker with write access to the local cache folder could plant an empty file there and the Driver would use it to store temporary credentials instead of rejecting it due to overly broad permissions.

Solution

Snowflake released version 2.0.2 of the Snowflake NodeJS Driver, which fixes this issue. We recommend users upgrade to version 2.0.2.

Additional Information

If you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more information, please see our Vulnerability Disclosure Policy.

Severity ?
4.4 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.0.1"
      },
      "package": {
        "ecosystem": "npm",
        "name": "snowflake-sdk"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.12.0"
            },
            {
              "fixed": "2.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-24791"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-01-29T18:42:26Z",
    "nvd_published_at": "2025-01-29T17:15:30Z",
    "severity": "MODERATE"
  },
  "details": "### Issue\nSnowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory.\n\nThis vulnerability affects versions 1.12.0 through 2.0.1 on Linux. Snowflake fixed the issue in version 2.0.2.\n\n### Vulnerability Details\nOn Linux, when either EXTERNALBROWSER or USERNAME_PASSWORD_MFA authentication methods are used with temporary credential caching enabled, the Snowflake NodeJS Driver will cache temporary credentials in a local file. Due to a bug, the check verifying that the cache file can be accessed only by the user running the Driver always succeeded, but didn\u2019t verify the permissions or the ownership correctly. An attacker with write access to the local cache folder could plant an empty file there and the Driver would use it to store temporary credentials instead of rejecting it due to overly broad permissions.\n\n### Solution\nSnowflake released version 2.0.2 of the Snowflake NodeJS Driver, which fixes this issue. We recommend users upgrade to version 2.0.2.\n\n### Additional Information\nIf you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more information, please see our [Vulnerability Disclosure Policy](https://hackerone.com/snowflake?type=team).",
  "id": "GHSA-xfhv-wqj6-rx99",
  "modified": "2025-08-21T04:04:51Z",
  "published": "2025-01-29T18:42:26Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/snowflakedb/snowflake-connector-nodejs/security/advisories/GHSA-xfhv-wqj6-rx99"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24791"
    },
    {
      "type": "WEB",
      "url": "https://github.com/snowflakedb/snowflake-connector-nodejs/commit/89731b3a4d61a75b721d13d4e47a7a3712ffa45f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/snowflakedb/snowflake-connector-nodejs"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "snowflake-sdk may incorrectly validate temporary credential cache file permissions"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.