CVE-2024-43382

{"id": "CVE-2024-43382", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.7}]}, "published": "2024-10-30T21:15:14.160", "references": [{"url": "https://github.com/snowflakedb/snowflake-jdbc/security/advisories/GHSA-f686-hw9c-xw9c", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption."}, {"lang": "es", "value": "Las versiones del controlador JDBC de Snowflake &gt;= 3.2.6 y &lt;= 3.19.1 tienen una configuraci\u00f3n de seguridad incorrecta que puede provocar que los datos se carguen en una etapa cifrada sin la capa adicional de protecci\u00f3n proporcionada por el cifrado del lado del cliente."}], "lastModified": "2025-08-20T19:15:05.797", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:snowflake:snowflake_jdbc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1D10518-566F-4C2C-9D4E-9F7EE58A028F", "versionEndExcluding": "3.20.0", "versionStartIncluding": "3.2.6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}