Plattform
java
Komponente
snowflake-hive-metastore-connector
Behoben in
87.0.1
CVE-2024-28851 describes a privilege escalation vulnerability within the Snowflake Hive MetaStore Connector. An attacker could leverage a helper script to download content from a Microsoft domain, replace it with malicious code, and potentially manipulate users. This vulnerability impacts versions of the connector prior to dfbf87dff4. A fix has been released in version dfbf87dff4.
This vulnerability allows a malicious insider, lacking administrative privileges, to potentially compromise a system. The attacker could exploit the helper script to download content from a Microsoft domain, then replace this content with malicious code. If the attacker gains local access to the system where the modified script is executed, they could then attempt to manipulate users into executing the malicious code. This could lead to unauthorized access, data breaches, or further system compromise. The potential impact is significant, particularly in environments where the Hive MetaStore Connector is used to manage sensitive data.
This vulnerability is considered a potential insider threat. Public proof-of-concept (POC) code is currently unavailable. The vulnerability was published on 2024-03-15. Its inclusion in the CISA KEV catalog is pending. The risk is moderate due to the requirement of local access and insider knowledge.
Organizations utilizing the Snowflake Hive MetaStore Connector, particularly those with insider threat concerns or environments where local system access is not strictly controlled, are at risk. Specifically, deployments where the connector is used to access sensitive data or critical business processes should be prioritized for remediation.
• java / server:
ps -ef | grep "Snowflake Hive MetaStore Connector"• java / supply-chain: Review the helper script's source code for any unexpected modifications or suspicious code patterns. • generic web: Monitor Snowflake audit logs for unusual script execution patterns or unauthorized access attempts to the Hive MetaStore Connector.
disclosure
Exploit-Status
EPSS
0.04% (13% Perzentil)
CVSS-Vektor
The primary mitigation for CVE-2024-28851 is to upgrade the Snowflake Hive MetaStore Connector to version dfbf87dff4 or later. If an immediate upgrade is not possible, consider restricting access to the helper script and closely monitoring its execution. Implement strict access controls and least privilege principles to limit the potential impact of a successful exploitation. Review and audit the script's functionality to identify any potential vulnerabilities. After upgrading, confirm the fix by verifying the connector version and reviewing system logs for any suspicious activity.
Actualice a la última versión del conector Snowflake Hive MetaStore Connector. Si no puede actualizar, evite el uso del script auxiliar vulnerable. Consulte el aviso de seguridad y el commit en GitHub para obtener más detalles.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-28851 is a medium-severity vulnerability in the Snowflake Hive MetaStore Connector allowing a malicious insider to potentially manipulate users by replacing script content.
You are affected if you are using a version of the Snowflake Hive MetaStore Connector prior to dfbf87dff4.
Upgrade the Snowflake Hive MetaStore Connector to version dfbf87dff4 or later. Assess the impact of the upgrade before implementation.
There are currently no confirmed reports of active exploitation of CVE-2024-28851.
Refer to the official Snowflake security advisory for detailed information and guidance: [https://security.snowflake.com/](https://security.snowflake.com/)
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine pom.xml-Datei hoch und wir sagen dir sofort, ob du betroffen bist.