Horizon Alert
Summary of the vulnerability and why it matters
This advisory details a vulnerability in the Grafana Snowflake datasource plugin that could allow authenticated users to read or write files between the Grafana server and Snowflake. The core concern is confirming if this specific data integration is in use within your environment.
- Data access allowed between Grafana and Snowflake.
- Understand if sensitive data integration is exposed.
- Verify usage of Snowflake datasource in Grafana.
Attack Path
How an attacker could exploit the issue
An attacker with authenticated access to Grafana could exploit the Snowflake data source feature. By crafting specific GET or PUT commands, they can read or write files between the Grafana server and the Snowflake host, potentially leading to unauthorized data access or modification.
- Authenticated access required.
- Triggers via GET/PUT commands.
- Read/write files between hosts.
Live Threat
Current exploitation, exposure, and threat context
This vulnerability could allow any authenticated user to read or write files between the Grafana server and the Snowflake host by leveraging GET/PUT commands. The impact is dependent on the specific access rights the user has within Grafana and Snowflake.
- Reads or writes to files on hosts.
- Authenticated users can issue commands.
- Unauthorized file access and modification.
Operational Fix
Recommended remediation, mitigation, and detection steps
This vulnerability in the Grafana Snowflake datasource impacts systems where users can run queries, potentially allowing unauthorized file read/write operations between the Grafana server and Snowflake hosts. Identifying affected Grafana instances, confirming their reachability and business criticality, and then locating the accountable owner are the crucial first steps to managing this risk. Remediation planning should follow this initial assessment.
- Application or platform teams own remediation.
- Verify Snowflake datasource access controls.
- Plan maintenance for identified systems.