How severe is CVE-2024-49750?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-49750?

This is classified as CWE-532, which is a common weakness in software security.

CVE-2024-49750 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo passcodes (when specified via the `passcode` parameter) and Azure SAS tokens. Additionally, the SecretDetector logging formatter, if enabled, contained bugs which caused it to not fully redact JWT tokens and certain private key formats. Snowflake released version 3.12.3 of the Snowflake Connector for Python, which fixes the issue. In addition to upgrading, users should review their logs for any potentially sensitive information that may have been captured.

Related Vulnerabilities

CVE-2014-3536

MEDIUM

CVSS:5.5(Medium)

CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration

CWE-5322014

CVE-2015-3243

MEDIUM

CVSS:5.5(Medium)

rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.

CWE-5322015

CVE-2016-4443

MEDIUM

CVSS:5.5(Medium)

Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.

CWE-5322016

CVE-2016-5967

MEDIUM

CVSS:5.5(Medium)

The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs.

CWE-5322016

CVE-2016-9985

MEDIUM

CVSS:5.5(Medium)

IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.

CWE-5322016

CVE-2017-2592

MEDIUM

CVSS:5.5(Medium)

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error messa...

CWE-5322017