===================================================================                              CERT-Renater

                   Note d'Information No. 2023/VULN216

_____________________________________________________________________

DATE                : 13/06/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running snowflake-connector-nodejs
                                versions prior to 1.6.21.

====================================================================https://github.com/snowflakedb/snowflake-connector-nodejs/security/advisories/GHSA-h53w-7qw7-vh5c
_____________________________________________________________________

Snowflake NodeJS Driver Security Advisory
High

sfc-gh-jfan published GHSA-h53w-7qw7-vh5c Jun 8, 2023

Package
snowflake-connector-nodejs

Affected versions
< 1.6.21

Patched versions
1.6.21


Description

Issue

Snowflake was informed via our bug bounty program of a command
injection vulnerability in the Snowflake NodeJS driver via
SSO browser URL authentication.


Impacted driver package:

snowflake-connector-nodejs


Impacted version range:

before Version 1.6.21


Attack Scenario

In order to exploit the potential for command injection, an attacker
would need to be successful in (1) establishing a malicious resource
and (2) redirecting users to utilize the resource. The attacker could
set up a malicious, publicly accessible server which responds to the
SSO URL with an attack payload. If the attacker then tricked a user
into visiting the maliciously crafted connection URL, the user’s local
machine would render the malicious payload, leading to a remote code
execution.

This attack scenario can be mitigated through URL whitelisting as well
as common anti-phishing resources.


Solution

On April 18, 2023, Snowflake merged a patch that fixed a command
injection vulnerability in the Snowflake NodeJS driver via SSO browser
URL authentication. The vulnerability affected the Snowflake NodeJS
driver before Version 1.6.21. We strongly recommend users upgrade to
Version 1.6.21 as soon as possible via the following resources:
Snowflake NodeJS Driver


Additional Information

If you discover a security vulnerability in one of our products or
websites, please report the issue to HackerOne. For more information,
please see our Vulnerability Disclosure Policy.


Severity
High

7.3/ 10

CVSS base metrics

Attack vector
Network

Attack complexity
Low

Privileges required
Low

User interaction
Required

Scope
Unchanged

Confidentiality
High

Integrity
High

Availability
None

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CVE ID
CVE-2023-34232

Weaknesses
No CWEs



========================================================+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=======================================================