CVE-2025-27496

LOW Year: 2025
CVSS v3 Score
3.3
Low
Weakness Type
CWE-532
View all →

Vulnerability Description

Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. Snowflake fixed the issue in version 3.23.1.

Related Vulnerabilities

CVE-2016-0296

LOW
CVSS:3.3(Low)

IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.

CWE-5322016

CVE-2016-5432

LOW
CVSS:3.3(Low)

The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.

CWE-5322016

CVE-2017-1733

LOW
CVSS:3.3(Low)

IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914.

CWE-5322017

CVE-2017-18423

LOW
CVSS:3.3(Low)

In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).

CWE-5322017

CVE-2018-5693

LOW
CVSS:3.3(Low)

The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog.

CWE-5322018

CVE-2019-10343

LOW
CVSS:3.3(Low)

Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied.

CWE-5322019