Vulnerability Database

309,540

Total vulnerabilities in the database

CVE-2023-51662

The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5.

Published: Dec 22, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-51662
GHSA: GHSA-hwcc-4cv8-cf3h
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6
AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

CWEs:

CWE-295

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
Snowflake.Data	2.0.25	2.1.5
snowflake / snowflake_connector	2.0.25	2.1.5

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo