7.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-34230

GHSA ID

GHSA-223g-8w3x-98wr

EPSS Score

0.83601%

CWE

CWE-77

Published

6/9/2023

Updated

11/6/2023

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-34230

CVE-2023-34230: Snowflake Connector .Net Command Injection

Issue

Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake .NET driver via SSO URL authentication.

Impacted driver package:

snowflake-connector-net

Impacted version range:

before Version 2.0.18

Attack Scenario

In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution.

This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources.

Solution

On December 2nd, 2022, Snowflake merged a patch that fixed a command injection vulnerability in the Snowflake .NET driver via SSO URL authentication. The vulnerability affected the Snowflake .NET driver before Version 2.0.18. We strongly recommend upgrading to the latest driver version as soon as possible via the following resources: Snowflake .NET Driver.

Additional Information

If you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more information, please see our Vulnerability Disclosure Policy.

(GitHub Advisory)

7.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-34230

GHSA ID

GHSA-223g-8w3x-98wr

EPSS Score

0.83601%

CWE

CWE-77

Published

6/9/2023

Updated

11/6/2023

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
Snowflake.Data	nuget	< 2.0.18	2.0.18

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability involves command injection through SSO URL processing. The attack vector requires executing commands via crafted URLs, which strongly suggests the authentication flow contains a function that: 1) Handles SSO URL input, 2) Uses that input in command execution contexts. The RequestPostAuthCodeViaBrowser method is a prime candidate as it would be responsible for launching browser-based authentication and would need to handle URL parameters. The .NET driver's browser launch mechanism (using Process.Start) with untrusted URL input would explain the command injection vector. While exact code isn't available, the CWE-77 classification and attack scenario alignment make this a high-confidence assessment.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Issu* Snow*l*k* w*s in*orm** vi* our *u* *ounty pro*r*m o* * *omm*n* inj**tion vuln*r**ility in t** Snow*l*k* .N*T *riv*r vi* SSO URL *ut**nti**tion. ### Imp**t** *riv*r p**k***: snow*l*k*-*onn**tor-n*t ### Imp**t** v*rsion r*n**: ***or* [V*r

Reasoning

T** vuln*r**ility involv*s *omm*n* inj**tion t*rou** SSO URL pro**ssin*. T** *tt**k v**tor r*quir*s *x**utin* *omm*n*s vi* *r**t** URLs, w*i** stron*ly su***sts t** *ut**nti**tion *low *ont*ins * *un*tion t**t: *) **n*l*s SSO URL input, *) Us*s t**t

7.3

Basic Information

Concerned about an active attack path?

CVE-2023-34230: Snowflake Connector .Net Command Injection

Issue

Impacted driver package:

Impacted version range:

Attack Scenario

Solution

Additional Information

7.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI