EUVD-2024-0163

Malicious code in bioql PyPI...

The Snowflake Connector for Python stores sensitive data in logs

Issue Snowflake recently learned about and remediated a set of vulnerabilities in the Snowflake Connector for Python. Under specific conditions, certain users credentials or portions of those credentials were logged locally by the Connector to the users own systems. The credentials were not logge...

Insertion of Sensitive Information into Log File

Overview snowflake-connector-python is a Snowflake Connector for Python Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to the logging of sensitive information when the logging level is set to DEBUG. An attacker can access sensitive data su...

CVE-2024-49750

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo passcodes when specified...

PYSEC-2024-191

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo passcodes when specified...

PT-2024-33662 · Snowflake · Snowflake Connector For Python

Name of the Vulnerable Software and Affected Versions: Snowflake Connector for Python versions prior to 3.12.3 Description: The issue concerns the logging of sensitive information by the Snowflake Connector for Python. When the logging level is set to DEBUG, the Connector may log Duo passcodes,...