CVE-2024-6854 — HIGH (7.1) — White Hats Nepal

Vulnerability Description

In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a trained model file, although the content of the overwrite is not controllable by the attacker.

CVSS Score

7.1

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
H2O	H2O	3.46.0

Related Weaknesses (CWE)

CWE-36

References

https://huntr.com/bounties/97d013f9-ac51-4c80-8dd7-8dfde11f33b2ExploitThird Party Advisory

FAQ

What is CVE-2024-6854?

CVE-2024-6854 is a vulnerability with a CVSS score of 7.1 (HIGH). In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overw...

How severe is CVE-2024-6854?

CVE-2024-6854 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-6854?

Check the references section above for vendor advisories and patch information. Affected products include: H2O H2O.