Improper Preservation of Permissions

CVE-2025-24791

Medium

4.4/10

Summary

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This issue affects snowflake-sdk versions 1.12.0 through 2.0.1 on Linux.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-281 - Improper Preservation of Permissions

The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References

Advisory
Release Note
Pull request

Advisory Timeline

Published Jan 29, 2025

Improper Preservation of Permissions

CVE-2025-24791

Summary

CWE-281 - Improper Preservation of Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS