CVE-2025-24788
CVE-2025-24788
Título es
CVE-2025-24788
Mié, 29/01/2025 – 21:15
Tipo
CWE-276
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2025-24788
Descripción en
snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine. This vulnerability affects versions 2.0.12 through 4.2.0 on Linux and macOS. Snowflake fixed the issue in version 4.3.0.
29/01/2025
29/01/2025
Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Gravedad 3.1 (CVSS 3.1 Base Score)
5.00
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM
Referencias
Enviar en el boletín
Off
