CVE-2024-6577 — MEDIUM (6.3)

Vulnerability Description

In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This could lead to potential security vulnerabilities or unauthorized access to the bucket if it is not properly secured or claimed by the appropriate entity. The issue may result in data breaches, exposure of proprietary information, or unauthorized modifications to stored data.

CVSS Score

6.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Related Weaknesses (CWE)

CWE-840

References

https://huntr.com/bounties/20917570-8328-428f-bd1d-4fcd71fb2359

FAQ

What is CVE-2024-6577?

CVE-2024-6577 is a vulnerability with a CVSS score of 6.3 (MEDIUM). In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metrics-prod' without ensuring its ownership or confirming its accessibility. This co...

How severe is CVE-2024-6577?

CVE-2024-6577 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-6577?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.