CVE-2023-51662

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-295
View all →

Vulnerability Description

The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5.

Related Vulnerabilities

CVE-2009-3046

HIGH
CVSS:7.5(High)

Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certifica...

CWE-2952009

CVE-2009-4123

HIGH
CVSS:7.5(High)

The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation.

CWE-2952009

CVE-2012-5518

HIGH
CVSS:7.5(High)

vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate)

CWE-2952012

CVE-2012-6071

HIGH
CVSS:7.5(High)

nuSOAP before 0.7.3-5 does not properly check the hostname of a cert.

CWE-2952012

CVE-2013-0264

HIGH
CVSS:7.5(High)

An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system...

CWE-2952013

CVE-2013-7450

HIGH
CVSS:7.5(High)

Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations.

CWE-2952013