Snowflake JDBC driver
cpe:2.3:a:snowflake:snowflake_jdbc:*:*:*:*:*:*:*
- >= 3.0.13, <= 3.23.0
A vulnerability exists in the Snowflake JDBC driver, versions 3.0.13 through 3.23.0. When the logging level is set to DEBUG, the driver logs the client-side encryption master key for the target stage locally during GET and PUT operations. This key, while sensitive, does not provide access to any data without additional authorizations, and Snowflake does not log it on the server side.
Logging of the client-side encryption master key in DEBUG mode, potentially leading to unauthorized access if the key is misused.
To reproduce this vulnerability, use a Snowflake JDBC driver version from 3.0.13 through 3.23.0 and set the logging level to DEBUG. During the execution of GET or PUT commands, the client-side encryption master key will be logged locally.
Upgrade to Snowflake JDBC driver version 3.23.1, which addresses this vulnerability by removing the encryption key from the logs.
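An added example, not Snowflake's or this page's own code: a shell check that flags driver jars whose file-name version falls in the affected range above (3.0.13 through 3.23.0), comparing components numerically so that 3.9.2 sorts below 3.23.0. It assumes the jars keep the Maven artifact naming `snowflake-jdbc-<version>.jar`; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: inventory check for snowflake-jdbc jars in the affected range.
# Assumption: jars are named snowflake-jdbc-<version>.jar (Maven artifact naming).

# ver_le A B: succeed when dotted version A <= B, comparing each component as a number.
ver_le() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 0
}

# is_affected VERSION: 0 if 3.0.13 <= VERSION <= 3.23.0, 1 if outside,
# 2 if VERSION is not a plain dotted number (cannot be judged by name).
is_affected() {
    case $1 in ''|*[!0-9.]*) return 2 ;; esac
    ver_le 3.0.13 "$1" && ver_le "$1" 3.23.0
}

# scan_jars DIR: print one status line per driver jar found under DIR.
scan_jars() {
    find "$1" -type f -name 'snowflake-jdbc-*.jar' 2>/dev/null |
    while IFS= read -r jar; do
        v=${jar##*/snowflake-jdbc-}; v=${v%.jar}
        case $v in
            ''|*[!0-9.]*) echo "UNKNOWN   $jar" ;;
            *)  if is_affected "$v"; then
                    echo "AFFECTED  $v  $jar"
                else
                    echo "ok        $v  $jar"
                fi ;;
        esac
    done
}

# Scan the directory given as the first argument, if any.
if [ "$#" -gt 0 ]; then scan_jars "$1"; fi
```

A jar reported as AFFECTED only exposes the key when DEBUG logging is enabled, so existing client logs from such hosts are worth reviewing and restricting after the upgrade to 3.23.1.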