Snowflake Connector for Python Temporary Credential Caching Vulnerability on Linux

Vulnerability

A vulnerability exists in the Snowflake Connector for Python, specifically in versions 2.3.7 through 3.13.0, when temporary credential caching is enabled. On Linux systems, the connector caches temporary credentials in a file that is readable by all users. This issue arises when using EXTERNALBROWSER or USERNAME_PASSWORD_MFA authentication methods with temporary credential caching turned on.

Impact

The vulnerability allows temporary credentials to be stored in a world-readable file, potentially exposing sensitive information to other users on the system.

Reproduction

To reproduce this vulnerability, use the Snowflake Connector for Python on a Linux system with temporary credential caching enabled. Authenticate using either the EXTERNALBROWSER or USERNAME_PASSWORD_MFA method. The connector will cache temporary credentials in a local file with world-readable permissions.

Remediation

Upgrade to Snowflake Connector for Python version 3.13.1, which addresses the vulnerability by ensuring that cached credentials are stored securely.
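
A defender-side check for the condition described above, added here as an example and not taken from the advisory or the connector's code: it flags connector versions in the affected range (2.3.7 through 3.13.0) and lists files under a cache directory that group or other users can read. The cache location is not stated on this page, so `cache_dir` is a parameter you supply; the function names and the sample files in `demo()` are constructed for illustration.

```python
import os
import stat
import tempfile

AFFECTED_MIN = (2, 3, 7)   # first affected version, per the advisory
AFFECTED_MAX = (3, 13, 0)  # last affected version; 3.13.1 carries the fix

def parse_version(text):
    """Turn '3.12.4' into (3, 12, 4); non-numeric suffixes are ignored."""
    parts = []
    for piece in text.strip().split(".")[:3]:
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits or 0))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)

def is_affected(version_text):
    """True when the version falls inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX

def exposed_files(cache_dir):
    """Return (path, octal mode) for regular files readable by group or others."""
    findings = []
    for root, _dirs, names in os.walk(cache_dir):
        for name in names:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: report on the entry itself, not a symlink target
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
                findings.append((path, oct(stat.S_IMODE(st.st_mode))))
    return sorted(findings)

def demo():
    """Constructed sample: one world-readable file and one owner-only file."""
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("cache_open.json", 0o644), ("cache_private.json", 0o600)):
            p = os.path.join(d, name)
            with open(p, "w") as fh:
                fh.write("{}")
            os.chmod(p, mode)
        return [(os.path.basename(p), m) for p, m in exposed_files(d)]

if __name__ == "__main__":
    print(is_affected("3.12.4"), demo())
```

A flagged file is only reachable by other users if every parent directory is also traversable by them, so check the directory modes before rating a hit.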

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 4.2
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.