The Snowflake CLI before version 3.19 improperly handles untrusted remote references in its SQL statement reader's !source/!load directives. This allows an attacker to supply crafted SQL content that triggers the victim's environment to perform SSRF attacks by issuing outbound requests to internal or non-public networks and executing remote SQL content within the victim's session. Exploitation requires user interaction (processing attacker-controlled content) and is constrained by the privileges of the session. The vulnerability has a CVSS 3.1 score of 4.1 (medium severity). Snowflake CLI version 3.19 introduces a fix by adding an option to disable remote URL retrieval, mitigating the SSRF risk.

Successful exploitation can lead to unintended outbound requests from the victim's environment to internal or non-public network locations, potentially exposing internal services or data. Additionally, remote SQL content could be retrieved and executed in the context of the victim's session, leading to limited confidentiality and integrity impacts. The impact is limited by the privileges of the session processing the malicious content. There are no known exploits in the wild.

A patch is available in Snowflake CLI version 3.19, which adds an option to disable remote URL retrieval and mitigates this SSRF vulnerability. Users should upgrade to version 3.19 or later to remediate this issue. Since this is a cloud service, the vendor manages remediation for the cloud-hosted components; however, local CLI versions prior to 3.19 remain vulnerable until updated. No additional mitigation actions are specified by the vendor.