Snowflake JDBC Driver, Information Disclosure, CVE-2023-XXXX (Medium)

By /

Listen to this Post

How the Mentioned CVE Works:

The vulnerability in the Snowflake JDBC driver arises when the logging level is set to DEBUG. In this configuration, the driver logs the client-side encryption master key locally during the execution of GET/PUT commands. This key, stored in a JSON object under the `queryStageMasterKey` key, is exposed in local logs. While the key alone does not grant access to sensitive data without additional authorization, its exposure could aid attackers in further exploits if combined with other vulnerabilities. The issue affects Snowflake JDBC driver versions 3.0.13 through 3.23.0 and was resolved in version 3.23.1.

DailyCVE Form:

Platform: Snowflake JDBC
Version: 3.0.13 – 3.23.0
Vulnerability: Information Disclosure
Severity: Medium
Date: 2023-XX-XX

What Undercode Say:

Exploitation:

  1. Log Analysis: Attackers with access to local logs can extract the `queryStageMasterKey` from DEBUG-level logs.
  2. Combined Attacks: The key can be used in conjunction with other vulnerabilities to escalate access.
  3. Automated Scripts: Scripts can be written to parse logs and extract sensitive keys.

Protection:

  1. Upgrade: Update to Snowflake JDBC driver version 3.23.1 or later.
  2. Logging Configuration: Avoid using DEBUG logging in production environments.
  3. Access Control: Restrict access to local logs and monitor for unauthorized access.

Commands:

1. Check Current Version:

java -cp snowflake-jdbc.jar snowflake.client.ClientInfo

2. Upgrade Driver:

mvn clean install -Ddriver.version=3.23.1

3. Disable DEBUG Logging:

log4j.logger.com.snowflake=INFO

Code Snippets:

1. Log Parsing (Exploit):

import json
import re
with open('debug.log', 'r') as log_file:
for line in log_file:
if 'queryStageMasterKey' in line:
key_data = json.loads(re.search(r'{.}', line).group())
print("Extracted Key:", key_data[bash])

2. Logging Configuration (Protection):

<configuration>
<logger name="com.snowflake" level="INFO"/>
</configuration>

Analytics:

  1. Affected Systems: Systems using Snowflake JDBC driver versions 3.0.13 to 3.23.0.
  2. Risk Level: Medium, due to the need for additional access to exploit.
  3. Mitigation Rate: High, as upgrading to 3.23.1 resolves the issue.

References:

  1. Snowflake Vulnerability Disclosure Program: bash
  2. Snowflake JDBC Driver Documentation: bash

References:

Reported By: https://github.com/advisories/GHSA-q298-375f-5q63
Extra Source Hub:
Undercode

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Scroll to Top