CVE-2023-34231

8.8 HIGH

📋 TL;DR

The gosnowflake Golang driver prior to version 1.6.19 contains a command injection vulnerability in SSO browser URL authentication. An attacker who tricks a user into visiting a maliciously crafted connection URL could achieve remote code execution on the user's machine. This affects all users of vulnerable gosnowflake driver versions.

💻 Affected Systems

Products:
  • gosnowflake Golang driver
Versions: All versions prior to 1.6.19
Operating Systems: All platforms using gosnowflake
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects SSO browser URL authentication feature.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution on user's machine leading to full system compromise, data theft, and lateral movement.

🟠

Likely Case

Targeted phishing attacks against Snowflake users leading to credential theft or malware installation.

🟢

If Mitigated

Limited impact with proper URL whitelisting and user awareness training.

🌐 Internet-Facing: HIGH - Exploitation requires user interaction but can be triggered via phishing links.
🏢 Internal Only: MEDIUM - Still requires user interaction but internal phishing is less common.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires an attacker to set up a malicious server and trick a user into clicking a crafted connection URL.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.6.19

Vendor Advisory: https://github.com/snowflakedb/gosnowflake/security/advisories/GHSA-fwv2-65wh-2w8c

Restart Required: Yes

Instructions:

1. Update gosnowflake dependency to version 1.6.19 or later.
2. Rebuild and redeploy affected applications.
3. Restart services using the updated driver.

🔧 Temporary Workarounds

Disable SSO browser URL authentication
Applies to: all
Temporarily disable the vulnerable SSO authentication method until patching.
Modify application configuration to use alternative authentication methods.

Implement URL validation
Applies to: all
Add strict URL validation for SSO authentication endpoints.
Implement allowlist validation for SSO URLs in application code.

🧯 If You Can't Patch

  • Implement strict URL whitelisting for SSO authentication endpoints
  • Deploy anti-phishing controls and user awareness training

🔍 How to Verify

Check if Vulnerable:

Check the gosnowflake version in go.mod or go.sum:
grep 'gosnowflake' go.mod

Check Version:

go list -m github.com/snowflakedb/gosnowflake

Verify Fix Applied:

Verify the gosnowflake version is 1.6.19 or higher:
go list -m github.com/snowflakedb/gosnowflake
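The version check above, as a small Go program added here (not part of the advisory or of the gosnowflake project): it finds the gosnowflake require line in go.mod text, whether written inline or inside a require block, and reports whether the pinned version is below 1.6.19. The go.mod excerpt in main is a constructed sample; on a real project pass the contents of go.mod.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

const modulePath, fixedVersion = "github.com/snowflakedb/gosnowflake", "v1.6.19"

var fixed, _ = parseVersion(fixedVersion) // a constant, known to parse

// parseVersion turns "v1.6.18" into [1 6 18]; non-numeric (e.g. pre-release) tags are rejected.
func parseVersion(v string) (p [3]int, err error) {
	f := strings.Split(strings.TrimPrefix(v, "v"), ".")
	if len(f) != 3 {
		return p, fmt.Errorf("unexpected version %q", v)
	}
	for i := range f {
		if p[i], err = strconv.Atoi(f[i]); err != nil {
			return p, fmt.Errorf("unexpected version %q: %w", v, err)
		}
	}
	return p, nil
}

// Vulnerable finds the gosnowflake require line (inline or in a require block) and reports whether it is below fixedVersion.
func Vulnerable(gomod string) (bool, string, error) {
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) < 2 || f[0] != modulePath {
			continue
		}
		pinned, err := parseVersion(f[1])
		for i := 0; err == nil && i < len(pinned); i++ {
			if pinned[i] != fixed[i] {
				return pinned[i] < fixed[i], f[1], nil
			}
		}
		return false, f[1], err // equal to the fix, or unparsable
	}
	return false, "", fmt.Errorf("%s not required in go.mod", modulePath)
}

func main() {
	// Constructed go.mod excerpt for the demo; use os.ReadFile("go.mod") on a real project.
	sample := "require (\n\tgithub.com/snowflakedb/gosnowflake v1.6.18 // indirect\n)\n"
	vuln, v, err := Vulnerable(sample)
	fmt.Println(vuln, v, err) // true v1.6.18 <nil>
}
```

The go list -m command above stays authoritative, since it reports the version the build actually selects rather than the line written in go.mod.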

📡 Detection & Monitoring

Log Indicators:

  • Unusual SSO authentication attempts
  • Failed SSO URL validations
  • Unexpected command execution

Network Indicators:

  • Connections to unknown SSO servers
  • Unusual outbound connections after SSO authentication

SIEM Query:

source="application_logs" AND ("gosnowflake" OR "SSO") AND ("error" OR "failed" OR "malformed")
