Snowflake Connector for .NET
Moderate fix1 remedy
cpe:2.3:a:snowflake:snowflake_connector:*:*:*:*:.net:*:*
Moderate fix1 remedy
- >= 2.0.12, <= 4.2.0
Snowflake Connector for .NET Temporary File Permission Vulnerability
Vulnerability
Patched
A vulnerability exists in the Snowflake Connector for .NET, specifically in versions 2.0.12 through 4.2.0 on Linux and macOS. The issue arises because files downloaded from stages are temporarily stored in a world-readable local directory. This configuration allows unauthorized users on the same machine to access these files during their brief existence. The vulnerability has been addressed in version 4.3.0 of the connector.
Impact
Exploitation of this vulnerability could lead to unauthorized access to temporary files by other users on the same machine.
Reproduction
The vulnerability can be reproduced by downloading files from stages using the Snowflake Connector for .NET versions 2.0.12 through 4.2.0 on Linux or macOS. During the download process, the files are saved in a temporary directory with world-readable permissions, allowing unauthorized users to access them before they are moved to the final destination.
Remediation
Users are advised to upgrade to version 4.3.0 of the Snowflake Connector for .NET, which addresses this vulnerability.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
4.2impact
2.5exploitability
4.3remediation
7.7relevance
0.0threat
4.8urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.