Primary

Context

Snowflake ODBC Driver Logging Vulnerability Prior to Version 3.7.0

Vulnerability

A vulnerability exists in the Snowflake ODBC Driver in versions prior to 3.7.0, where the driver inadvertently logged entire SQL queries at the INFO level. This behavior, known as the Insertion of Sensitive Information into a Log File, could potentially expose confidential data through the logging mechanism.

Impact

Exploitation of this vulnerability could lead to the unintentional disclosure of sensitive information, such as SQL query details, in log files.

Remediation

Users are advised to update the Snowflake ODBC Driver to version 3.7.0 or later.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.0

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.0

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Snowflake ODBC Driver Logging Vulnerability Prior to Version 3.7.0

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating