CVE-2023-34233
Command Injection vulnerability in snowflake-connector-python (PyPI)
What is CVE-2023-34233 About?
This vulnerability in the Snowflake Python connector (before version 3.0.2) allows for a command injection via SSO browser URL authentication. Attackers can leverage a malicious resource and trick users into interacting with a crafted URL to execute arbitrary code. The flaw is high severity due to remote code execution potential.
Affected Software
- snowflake-connector-python
  - <3.0.2
  - <1cdbd3b1403c5ef520d7f4d9614fe35165e101ac
Technical Details
The Snowflake Python connector, specifically in versions prior to 3.0.2, suffers from a command injection vulnerability during Single Sign-On (SSO) browser URL authentication. The attack scenario involves an attacker setting up a malicious, publicly accessible server that responds to the SSO URL with an attack payload. If a user is then tricked into visiting a maliciously crafted connection URL, the vulnerable Python connector on the user's local machine renders this malicious payload. This improper handling of the SSO URL and its response by the connector leads to the execution of arbitrary commands on the user's local machine, achieving remote code execution. The vulnerability exploits a lack of proper sanitization or validation of the SSO URL's content.
What is the Impact of CVE-2023-34233?
Successful exploitation may allow attackers to execute arbitrary code on a user's machine, potentially leading to full system compromise, data theft, or further access within the victim's network.
What is the Exploitability of CVE-2023-34233?
Exploitation of this vulnerability is of medium complexity, requiring a two-stage attack. First, the attacker must set up a malicious server to host the payload. Second, they must successfully trick a user into initiating an SSO browser URL authentication flow that points to this malicious resource. This usually involves social engineering or phishing tactics. Authentication to the Snowflake service might be required by the user, but the flaw occurs in the client-side handling of the SSO URL. This is a remote vulnerability, as the attacker's server can inject code remotely. The primary prerequisite is a user running an affected version of the Snowflake Python connector. Risk factors include lack of URL whitelisting, insufficient anti-phishing measures, and user susceptibility to social engineering. Upgrading the connector is the main mitigation.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| nayankadamm | Link | PoC for CVE-2023-34233 |
What are the Available Fixes for CVE-2023-34233?
Available Upgrade Options
- snowflake-connector-python
  - <1cdbd3b1403c5ef520d7f4d9614fe35165e101ac → Upgrade to 1cdbd3b1403c5ef520d7f4d9614fe35165e101ac
- snowflake-connector-python
  - <3.0.2 → Upgrade to 3.0.2
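The upgrade guidance above can be checked mechanically. The following is an added example, not code from the advisory or the Snowflake project: it flags exact pins in a requirements file, and the locally installed distribution, when the version is below 3.0.2. The function names are illustrative and the sample requirements text is constructed.

```python
import re
from importlib import metadata

PACKAGE = "snowflake-connector-python"
FIXED = (3, 0, 2)  # first fixed release according to the advisory
# Exact pins only ("==" / "==="); range specifiers such as ">=" need a resolver.
PIN_RE = re.compile(
    r"^\s*snowflake[-_.]connector[-_.]python\s*(?:\[[^\]]*\])?\s*===?\s*([0-9][^\s;#]*)",
    re.IGNORECASE)
# Constructed sample input, one requirement per line.
SAMPLE = """\
requests==2.31.0
snowflake-connector-python[pandas]==2.8.1
snowflake_connector_python==3.0.2
Snowflake-Connector-Python == 3.0.1 ; python_version >= "3.8"
snowflake-connector-python==3.0.2rc1
"""

def split_version(version):
    """Return (numeric release tuple padded to 3 parts, trailing suffix)."""
    v = version.strip()
    m = re.match(r"(?:\d+!)?(\d+(?:\.\d+)*)", v)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts))), v[m.end():]

def is_affected(version):
    """True when the version sorts before 3.0.2."""
    release, suffix = split_version(version)
    if release != FIXED:
        return release < FIXED
    # Pre-releases of 3.0.2 sort before the final release; flag them conservatively.
    return bool(re.match(r"[-_.]?(a|b|c|rc|alpha|beta|pre|preview|dev)", suffix, re.I))

def audit_requirements(text):
    """Return (line_number, version) for each affected exact pin."""
    hits = ((n, PIN_RE.match(line)) for n, line in enumerate(text.splitlines(), 1))
    return [(n, m.group(1)) for n, m in hits if m and is_affected(m.group(1))]

def audit_installed():
    """Return the installed version if it is affected, else None."""
    try:
        version = metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return None
    return version if is_affected(version) else None

if __name__ == "__main__":
    print("affected pins:", audit_requirements(SAMPLE))
    print("affected install:", audit_installed())
```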
Additional Resources
- https://github.com/pypa/advisory-database/tree/main/vulns/snowflake-connector-python/PYSEC-2023-88.yaml
- https://github.com/snowflakedb/snowflake-connector-python/commit/1cdbd3b1403c5ef520d7f4d9614fe35165e101ac
- https://github.com/snowflakedb/snowflake-connector-python/security/advisories/GHSA-5w5m-pfw9-c8fp
- https://github.com/snowflakedb/snowflake-connector-python/pull/1480
- https://github.com/snowflakedb/snowflake-connector-python
- https://osv.dev/vulnerability/GHSA-5w5m-pfw9-c8fp
- https://osv.dev/vulnerability/PYSEC-2023-88
What are Similar Vulnerabilities to CVE-2023-34233?
Similar Vulnerabilities: CVE-2023-36281, CVE-2023-39662, CVE-2022-24765, CVE-2022-39299, CVE-2021-44228
