A vulnerability in Snowflake's Cortex Code CLI allowed malware to be installed and executed via indirect prompt injection, bypassing human-in-the-loop command approval steps and escaping the sandbox. This occurred due to a flaw in the command validation system that failed to evaluate commands inside process substitution expressions as 'unsafe'. The issue affected both sandboxed and non-sandboxed users, leading to potential data exfiltration and malicious activities within Snowflake instances. Engineers must be cautious with third-party open-source codebases and ensure they are running the latest version of Cortex Code CLI.
Sysadmins running Proxmox, Docker, Linux, Nginx, or Homelab environments might not be directly impacted by the Snowflake Cortex vulnerability. However, this incident highlights the importance of robust command validation systems in any environment that integrates third-party code execution capabilities. It also underscores the need for careful handling of active credentials and sandboxing to prevent unintended access.
- {'point': "Indirect prompt injection exploited a flaw in the Cortex Code CLI's command validation system.", 'explanation': 'The vulnerability stemmed from the inability of the validation system to properly evaluate commands within process substitution expressions, leading to unapproved and unsandboxed execution.'}
- {'point': 'Exploitation allowed arbitrary code execution without human approval.', 'explanation': "This flaw enabled attackers to bypass typical security measures, such as user consent prompts, by constructing malicious commands that appeared 'safe' to the validation system."}
- {'point': 'The vulnerability affected both sandboxed and non-sandboxed environments.', 'explanation': "Even users operating within a supposed 'secure' sandbox environment could be compromised due to the bypass of human-in-the-loop approval steps."}
- {'point': 'Impact included potential data exfiltration and manipulation within Snowflake instances.', 'explanation': 'Attackers could leverage this vulnerability to perform actions such as stealing database contents, adding backdoor users, or locking out legitimate users.'}
- {'point': 'Users should ensure they are running the latest version of Cortex Code CLI (1.0.25).', 'explanation': 'Snowflake released a patch in their latest update to address this vulnerability; users must upgrade to mitigate risks associated with this flaw.'}
N/A - While not directly impacting Proxmox, Docker, Linux, Nginx, or Homelab environments, the lessons learned about command validation and prompt injection vulnerabilities are relevant for securing any environment that integrates third-party code execution.
- {'command': 'Check your installed version of Snowflake Cortex Code CLI with `cortex --version`', 'description': 'Ensure you are running at least version 1.0.25 to have the vulnerability fix.'}
- {'command': 'Upgrade to the latest version if necessary using package manager or direct download from official sources.', 'description': 'Apply the security patch by updating your Cortex Code CLI installation.'}