Incorrect Permission Assignment for Critical Resource Affecting snowflake-connector-python package, versions [,4.0.0)

Q: How to fix?

Upgrade snowflake-connector-python to version 4.0.0 or higher.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-PYTHON-SNOWFLAKECONNECTORPYTHON-13803382
published2 Nov 2025
disclosed1 Nov 2025
creditUnknown

Report a new vulnerability Found a mistake?

Introduced: 1 Nov 2025

NewCWE-732 (opens in a new tab)

How to fix?

Upgrade snowflake-connector-python to version 4.0.0 or higher.

Overview

snowflake-connector-python is a Snowflake Connector for Python

Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the ConfigManager.read_config path in config_manager.py. An attacker can modify sensitive settings stored in the configuration file if its permissions allow write access by the group or other users

Note: This is only exploitable when the stat.S_IWGRP or stat.S_IWOTH are set.

References

GitHub Commit

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Local
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
Low
Integrity (VI)
Low
Availability (VA)
None

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None