CVE-2024-28851

Summary

CVE-2024-28851 is a vulnerability affecting the Snowflake Hive MetaStore Connector. This issue involves a helper script used by the connector, which could theoretically be exploited by a malicious insider without admin privileges. By downloading content from a Microsoft domain and replacing it with malicious code, an attacker could potentially manipulate users into executing the attacker-controlled script, leading to elevated privileges on the local system. The vulnerability was patched on February 09, 2024, but no version bump was issued. Users are strongly advised to upgrade to the latest version as soon as possible, or avoid using the helper script entirely.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.