MEDIUMCVE-2024-28851CVSS 4

CVE-2024-28851: Privilege Escalation in Snowflake Hive Connector

Q: What is CVE-2024-28851 — Privilege Escalation in Snowflake Hive Connector?

CVE-2024-28851 is a medium-severity vulnerability in the Snowflake Hive MetaStore Connector allowing a malicious insider to potentially manipulate users by replacing script content.

Q: Am I affected by CVE-2024-28851 in Snowflake Hive Connector?

You are affected if you are using a version of the Snowflake Hive MetaStore Connector prior to dfbf87dff4.

Q: How do I fix CVE-2024-28851 in Snowflake Hive Connector?

Upgrade the Snowflake Hive MetaStore Connector to version dfbf87dff4 or later. Assess the impact of the upgrade before implementation.

Q: Is CVE-2024-28851 being actively exploited?

There are currently no confirmed reports of active exploitation of CVE-2024-28851.

Q: Where can I find the official Snowflake advisory for CVE-2024-28851?

Refer to the official Snowflake security advisory for detailed information and guidance: [https://security.snowflake.com/](https://security.snowflake.com/)

Platform

java

Component

snowflake-hive-metastore-connector

Fixed in

87.0.1

AI Confidence: highNVDEPSS 0.0%Reviewed: May 2026

View on NVD

Save

CVE-2024-28851 describes a privilege escalation vulnerability within the Snowflake Hive MetaStore Connector. This vulnerability allows a malicious insider, lacking administrative privileges, to potentially manipulate users by replacing content within a helper script. The vulnerability impacts versions of the connector prior to dfbf87dff4, and a fix has been released in version dfbf87dff4.

Impact and Attack Scenarios

The core of this vulnerability lies in a helper script used by the Snowflake Hive MetaStore Connector. An attacker with insider access can exploit this by downloading content from a Microsoft domain, replacing the legitimate script with a malicious variant, and then leveraging local access to execute the modified script. Successful exploitation could allow the attacker to manipulate users, potentially gaining unauthorized access to data or systems within the Snowflake environment. While the description mentions user manipulation, the precise scope of that manipulation isn't fully detailed, but the potential for unauthorized actions is significant.

Exploitation Context

This vulnerability is considered a medium risk due to the requirement of insider access and local system access for exploitation. Public proof-of-concept (POC) code is currently unavailable. The vulnerability was publicly disclosed on 2024-03-15. It is not currently listed on the CISA KEV catalog.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown

CISA KEVNO

Internet ExposureLow

EPSS

0.04% (13% percentile)

CVSS Vector

Affected Software

Componentsnowflake-hive-metastore-connector

Vendorsnowflakedb

Affected rangeFixed in

< dfbf87dff4 – < dfbf87dff487.0.1

Weakness Classification (CWE)

CWE-269

Timeline

Reserved2024-03-11
Published2024-03-15
Modified2024-08-28
EPSS updated2026-04-02

Mitigation and Workarounds

The primary mitigation for CVE-2024-28851 is to upgrade the Snowflake Hive MetaStore Connector to version dfbf87dff4 or later. Prior to upgrading, assess the potential impact on existing queries and workflows that rely on the connector. Consider performing a staged rollout to minimize disruption. If an immediate upgrade is not feasible, restrict access to the helper script and closely monitor its execution for any suspicious activity. After upgrading, confirm the fix by verifying the script integrity and reviewing audit logs for any unauthorized modifications.

How to fix

Actualice a la última versión del conector Snowflake Hive MetaStore Connector. Si no puede actualizar, evite el uso del script auxiliar vulnerable. Consulte el aviso de seguridad y el commit en GitHub para obtener más detalles.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2024-28851 — Privilege Escalation in Snowflake Hive Connector?

CVE-2024-28851 is a medium-severity vulnerability in the Snowflake Hive MetaStore Connector allowing a malicious insider to potentially manipulate users by replacing script content.

Am I affected by CVE-2024-28851 in Snowflake Hive Connector?

You are affected if you are using a version of the Snowflake Hive MetaStore Connector prior to dfbf87dff4.

How do I fix CVE-2024-28851 in Snowflake Hive Connector?

Upgrade the Snowflake Hive MetaStore Connector to version dfbf87dff4 or later. Assess the impact of the upgrade before implementation.

Is CVE-2024-28851 being actively exploited?

There are currently no confirmed reports of active exploitation of CVE-2024-28851.

Where can I find the official Snowflake advisory for CVE-2024-28851?

Refer to the official Snowflake security advisory for detailed information and guidance: [https://security.snowflake.com/](https://security.snowflake.com/)

NextGuard

Vulnerabilities

What do these metrics mean?

Attack Vector: Local — attacker needs a local shell or interactive session on the system.
Attack Complexity: High — requires a race condition, non-default configuration, or specific circumstances. Harder to exploit reliably.
Privileges Required: High — admin or privileged account required to exploit.
User Interaction: Required — victim must take an action: open a file, click a link, or visit a crafted page.
Scope: Unchanged — impact is limited to the vulnerable component itself.
Confidentiality: High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity: None — no integrity impact. Attacker cannot modify data.
Availability: None — no availability impact. Service remains fully operational.

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan free Search CVEs

Java / Maven

Detect this CVE in your project

Upload your pom.xml file and we'll tell you instantly if you're affected.

Upload pom.xmlSupported formats: pom.xml · build.gradle