CVE-2025-46329 Snowflake Connector for C/C++ inserts client-side encryption key in DEBUG logs

libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the target stage durin...

CVE-2025-46329 Snowflake Connector for C/C++ inserts client-side encryption key in DEBUG logs

libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the target stage durin...

CVE-2025-46329

The CVE-2025-46329 issue affects libsnowflakeclient (Snowflake Connector for C/C++). Versions 0.5.0 through before 2.2.0 log locally the client-side encryption master key of the target stage when the logging level is DEBUG during GET/PUT operations. This could expose sensitive information in loca...

Enterprise Gmail Users Can Now Send End-to-End Encrypted Emails to Any Platform

On the 21st birthday of Gmail, Google has announced a major update that allows enterprise users to send end-to-end encrypted E2EE to any user in any email inbox in a few clicks. The feature is rolling out starting today in beta, allowing users to send E2EE emails to Gmail users within an...

Information Disclosure

net.snowflake, snowflake-jdbc is vulnerable to Information Disclosure. The vulnerability is due to improper logging practices due to the Driver logging the client-side encryption master key locally when the logging level is set to DEBUG during GET/PUT commands, allowing an attacker to retrieve th...

CVE-2025-27496

Summary: CVE-2025-27496 affects Snowflake JDBC Driver versions 3.0.13–3.23.0. When logging level is DEBUG, the driver locally logs the client-side encryption master key of the target stage during GET/PUT, exposing a sensitive key through logs. The issue is not logged server-side and does not by i...

CVE-2025-27496 Snowflake JDBC Driver client-side encryption key in DEBUG logs

Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver "Driver" in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption...

CVE-2025-27496 Snowflake JDBC Driver client-side encryption key in DEBUG logs

Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver "Driver" in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption...

CVE-2025-27496 Snowflake JDBC Driver client-side encryption key in DEBUG logs

Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver "Driver" in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption...

Snowflake JDBC Driver client-side encryption key in DEBUG logs

Issue Snowflake discovered and remediated a vulnerability in the Snowflake JDBC driver “Driver”. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not...

Incorrect Security Setting

net.snowflake, snowflake-jdbc is vulnerable to an Incorrect Security Setting. The vulnerability is due to data being uploaded to an encrypted stage without client-side encryption, allowing unauthorized parties to access or modify sensitive information...

CVE-2024-43382

Snowflake JDBC driver versions = 3.2.6 and = 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption...

CVE-2024-43382

CVE-2024-43382 affects Snowflake JDBC driver bug where versions 3.2.6–3.19.1 have an incorrect security setting that can allow data to be uploaded to an encrypted stage without the extra protection of client-side encryption. The root cause is an insufficient security configuration, potentially ex...

Snowflake JDBC 安全漏洞

Snowflake JDBC is an application from Snowflake, Inc. provides a JDBC type 4 driver that supports the core functionality and allows Java programs to connect to Snowflak. A security vulnerability exists in Snowflake JDBC versions 3.2.6 through 3.19.1, which stems from having incorrect security...

CVE-2024-43382

Snowflake JDBC driver versions = 3.2.6 and = 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption...

CVE-2024-43382

Snowflake JDBC driver versions = 3.2.6 and = 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption...

Gmail and Google Calendar Now Support Client-Side Encryption (CSE) to Boost Data Privacy

Google has announced the general availability of client-side encryption CSE for Gmail and Calendar, months after piloting the feature in late 2022. The data privacy controls enable "even more organizations to become arbiters of their own data and the sole party deciding who has access to it,"...

Google Takes Gmail Security to the Next Level with Client-Side Encryption

Google on Friday announced that its client-side encryption for Gmail is in beta for Workspace and education customers as part of its efforts to secure emails sent using the web version of the platform. The development comes at a time when concerns about online privacy and data security are at an...

Azure Storage SDK でのクライアントサイド暗号化におけるパディング オラクル の脆弱性を軽減

本ブログは、Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability の抄訳版です。最新の情報は原文を参照してください。...

Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability

Summary: Google informed Microsoft under Coordinated Vulnerability Disclosure CVD of a padding oracle vulnerability that may affect customers using Azure Storage SDK for Python, .NET, Java client-side encryption CVE-2022-30187. To mitigate this vulnerability, we released a new General Availabilit...