漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Snowflake Connector for Python has sensitive data in logs
Vulnerability Description
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo passcodes (when specified via the `passcode` parameter) and Azure SAS tokens. Additionally, the SecretDetector logging formatter, if enabled, contained bugs which caused it to not fully redact JWT tokens and certain private key formats. Snowflake released version 3.12.3 of the Snowflake Connector for Python, which fixes the issue. In addition to upgrading, users should review their logs for any potentially sensitive information that may have been captured.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
Snowflake Connector for Python 日志信息泄露漏洞
Vulnerability Description
Snowflake Connector for Python是Snowflake Computing开源的一个接口。用于开发可以连接到 Snowflake 并执行所有标准操作的 Python 应用程序。 Snowflake Connector for Python 3.12.3之前版本存在日志信息泄露漏洞,该漏洞源于当用户将日志级别设置为DEBUG时,可能会记录Duo passcodes和Azure SAS令牌。如果启用了SecretDetector日志格式化器,则其中的错误导致其无法完全屏蔽JWT令牌和
CVSS Information
N/A
Vulnerability Type
N/A