https://db.gcve.eu/sightings/feed 2026-04-30T16:56:34.549089+00:00 Vulnerability-Lookup info@gcve.eu python-feedgen Contains only the most 10 recent sightings. https://db.gcve.eu/sighting/b32ed8c4-688d-4364-8e3f-fc3caaa4305f/export 2026-04-30T16:56:35.293371+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "b32ed8c4-688d-4364-8e3f-fc3caaa4305f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-7hpq-3g6w-pvhf", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113912895243480427", "content": "", "creation_timestamp": "2025-01-29T17:47:20.566825Z"} 2025-01-29T17:47:20.566825+00:00 https://db.gcve.eu/sighting/e7b48bf8-cbc5-42cd-aad8-4cd054c88fbf/export 2026-04-30T16:56:35.293273+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "e7b48bf8-cbc5-42cd-aad8-4cd054c88fbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-7HPQ-3G6W-PVHF", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3381", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24789\n\ud83d\udd25 CVSS Score: 7.7 (CVSS_V3)\n\ud83d\udd39 Description: ### Issue\nSnowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. When the EXTERNALBROWSER authentication method is used on Windows, an attacker with write access to a directory in the %PATH% can escalate their privileges to the user that runs the vulnerable JDBC Driver version.\n\nThis vulnerability affects versions 3.2.3 through 3.21.0 on Windows. Snowflake fixed the issue in version 3.22.0.\n\n### Vulnerability Details\nWhen the EXTERNALBROWSER authentication method is selected, the Snowflake JDBC Driver on non-macOS operating systems tries to open the SSO URL using xdg-open. Because xdg-open is a Linux program that doesn\u2019t exist in a default Windows installation, a sufficiently privileged attacker could place a malicious executable in one of the directories on the %PATH% and achieve local privilege escalation to the user running the JDBC Driver.\n\n### Solution\nSnowflake released version 3.22.0 of the Snowflake JDBC Driver, which fixes this issue. We recommend users upgrade to version 3.22.0.\n\n### Additional Information\nIf you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more information, please see our [Vulnerability Disclosure Policy](https://hackerone.com/snowflake?type=team).\n\ud83d\udccf Published: 2025-01-29T18:41:57Z\n\ud83d\udccf Modified: 2025-01-29T18:41:57Z\n\ud83d\udd17 References:\n1. https://github.com/snowflakedb/snowflake-jdbc/security/advisories/GHSA-7hpq-3g6w-pvhf\n2. https://nvd.nist.gov/vuln/detail/CVE-2025-24789\n3. https://github.com/snowflakedb/snowflake-jdbc/commit/4f01bb8f9b708c71e7a2111c87371dbfc1d53dd6\n4. https://github.com/snowflakedb/snowflake-jdbc", "creation_timestamp": "2025-01-29T19:11:17.000000Z"} 2025-01-29T19:11:17+00:00 https://db.gcve.eu/sighting/907e0c68-979b-44c4-9faf-67d5cac9355b/export 2026-04-30T16:56:35.291961+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "907e0c68-979b-44c4-9faf-67d5cac9355b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-7HPQ-3G6W-PVHF", "type": "published-proof-of-concept", "source": "Telegram/dK9dkTvrn0tRhifIhon0dteFOucmqsRcjgBlg32fakAqe48", "content": "", "creation_timestamp": "2025-01-29T20:30:24.000000Z"} 2025-01-29T20:30:24+00:00