
CVE-2023-6017

Severity: High · Public PoC

Published: 16 November 2023
Modified: 21 November 2024
KEV Added: not listed
Patch: none recorded
CVSS Score (v3.1): 7.1, vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score: 0.0019 (41.3rd percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-6017 is a high-severity vulnerability in H2O.ai's H2O machine learning platform; no CWE has been assigned, so the weakness type is recorded as unspecified. Its CVSS v3.1 base score is 7.1 (High). Note that the recorded vector specifies a local attack vector with user interaction required (AV:L/UI:R), which reads oddly for the takeover of a remotely fetched bucket; treat the score as the tracker's rating rather than as an exploitability assessment.

Operationally, exploitation aligns with the MITRE ATT&CK technique Compromise Infrastructure: Web Services (T1584.006). The CVE is ranked at the 41.3rd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is AI-related: it is categorised as Other Platforms, sits in the Supply Chain and Deployment risk domain, and the MITRE ATLAS technique in scope is AI Supply Chain Compromise (AML.T0010).

EU & UK References

Vulnerability details

H2O included a reference to an Amazon S3 bucket that no longer existed. S3 bucket names are globally unique, and once a bucket is deleted its name can be re-created by any AWS account, so an attacker could claim the bucket and take over the URL. Anything that still resolves that reference (a download link, a build step, a data loader) would then fetch attacker-controlled content, which is why the issue is classed as a supply-chain problem rather than a flaw in H2O's own code paths.
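The check a practitioner wants here is a scan for exactly this class of dangling reference. The following is an added example (not code from the page or from the H2O project): it extracts S3 bucket names from source or config text in the three common URL shapes and probes each bucket endpoint with an unauthenticated HEAD. A 404 from the bucket endpoint is S3's NoSuchBucket, meaning the name is unowned and claimable; 200 or 403 means a bucket exists (public or private). The sample text, bucket names and the stub fetcher used in the demo are constructed for this example.

```python
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Tuple

# S3 bucket names: 3-63 lowercase letters, digits, dots and hyphens,
# starting and ending with a letter or digit (the DNS-compatible rule set).
_BUCKET = r"([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])"

# The three shapes a bucket reference usually takes in code and config:
#   s3://bucket/key
#   https://bucket.s3.amazonaws.com/key  or  https://bucket.s3.us-east-1.amazonaws.com/key
#   https://s3.amazonaws.com/bucket/key  or  https://s3-us-west-2.amazonaws.com/bucket/key
_PATTERNS = [
    re.compile(r"s3://" + _BUCKET),
    re.compile(r"https?://" + _BUCKET + r"\.s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com"),
    re.compile(r"https?://s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com/" + _BUCKET),
]


def extract_buckets(text: str) -> List[str]:
    """Return bucket names referenced in text, deduplicated, in first-seen order."""
    seen: Dict[str, None] = {}
    lowered = text.lower()  # hostnames are case-insensitive, bucket names are lowercase
    for pat in _PATTERNS:
        for m in pat.finditer(lowered):
            seen.setdefault(m.group(1), None)
    return list(seen)


def bucket_url(bucket: str) -> str:
    """Probe URL for a bucket. Names containing a dot do not match the wildcard TLS
    certificate for virtual-hosted style, so those are probed path-style."""
    if "." in bucket:
        return f"https://s3.amazonaws.com/{bucket}/"
    return f"https://{bucket}.s3.amazonaws.com/"


def http_status(url: str, timeout: float = 10.0) -> int:
    """Unauthenticated HEAD; returns the HTTP status, or 0 if the request failed outright."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code
    except urllib.error.URLError:
        return 0


def classify(status: int) -> str:
    """Map the bucket endpoint's status to a verdict.
    404 = NoSuchBucket: the name is unowned and any AWS account can create it.
    200/403 = a bucket exists (listable or not); 301/307 = region redirect, so it exists."""
    if status == 404:
        return "dangling"
    if status in (200, 301, 307, 403):
        return "exists"
    return "unknown"


def find_dangling(text: str, fetch: Callable[[str], int] = http_status) -> List[Tuple[str, str]]:
    """Scan text for bucket references and probe each; returns (bucket, verdict) pairs."""
    return [(b, classify(fetch(bucket_url(b)))) for b in extract_buckets(text)]


if __name__ == "__main__":
    # Constructed sample of the kind of config where a stale reference lives.
    sample = """
    ARTIFACT_URL = "https://example-ml-artifacts.s3.amazonaws.com/models/v1/model.bin"
    DATA_URI = "s3://old-training-data/2019/"
    MIRROR = "https://s3.us-east-1.amazonaws.com/example-ml-artifacts/mirror/"
    """
    # Stub standing in for the network so the demo runs offline: pretend that
    # old-training-data was deleted (404) and everything else still exists (403).
    deleted = {"old-training-data": 404}

    def stub(url: str) -> int:
        return next((code for name, code in deleted.items() if name in url), 403)

    for bucket, verdict in find_dangling(sample, fetch=stub):
        print(f"{bucket}: {verdict}")
```

To run it against real references, call `find_dangling(text)` with the default fetcher; the probe is read-only and needs no AWS credentials. A "dangling" verdict only says the name is unclaimed at that moment, so the fix is either to re-register the bucket under your own account or to remove the reference, and in either case to verify fetched artifacts against a pinned checksum rather than trusting the URL.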

CWE(s)

AI Security Analysis

AI Category
Other Platforms
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
H2O is an AI/ML platform (H2O.ai's machine learning engine), and the vulnerability was reported on a bug bounty platform dedicated to AI/ML (huntr.com), which confirms its AI relevance. The issue involves a reference to a deleted S3 bucket in H2O, so it fits 'Other Platforms' rather than a more specific category such as Deep Learning Frameworks or NLP.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1584.006 Compromise Infrastructure: Web Services (Resource Development)
Adversaries may compromise access to third-party web services that can be used during targeting.
T1608.001 Stage Capabilities: Upload Malware (Resource Development)
Adversaries may upload malware to third-party or adversary-controlled infrastructure to make it accessible during targeting.
Why these techniques?

The vulnerability allows an attacker to take over the S3 bucket URL that H2O references, which is a compromise of third-party web service infrastructure (T1584.006); the attacker can then stage malware or tooling in the bucket they now control, to be served to anything that still resolves the reference (T1608.001).

MITRE ATLAS Techniques

AML.T0010: AI Supply Chain Compromise

Affected Assets

Vendor: h2o
Product: h2o
Versions: all versions

Mitigating Controls

No mitigating controls have been mapped yet; the per-CVE control annotator has not reached this CVE. As general practice for this class of issue (not a control mapped by this page): remove or retire dead bucket references, keep ownership of any bucket name that shipped code still points at, and verify downloaded artifacts against a pinned checksum instead of trusting the URL.

References