CVE-2024-1456 HIGH

CVE-2024-1456: S3 Bucket Takeover in h2oai/h2o-3

Vendor H2Oai
Product h2oai/h2o-3
Weakness CWE-840
Published April 16, 2024
Last update August 1, 2024

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves the S3 bucket 'http://s3.amazonaws.com/h2o-training', which was found to be vulnerable to unauthorized takeover.

Key dates

02Disclosure timeline

April 16, 2024 CVE published
August 1, 2024 Record updated