Cyber Resilience

CVE-2024-1456

HighPublic PoC

Published: 16 April 2024

Published
16 April 2024
Modified
28 July 2025
KEV Added
Patch
CVSS Score v3 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score 0.0022 45.3th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-1456 is a high-severity an unspecified weakness vulnerability in H2O H2O. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Compromise Software Supply Chain (T1195.002); ranked at the 45.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Other Platforms; in the Data-Related Vulnerabilities risk domain; MITRE ATLAS techniques in scope: AI Supply Chain Compromise (AML.T0010), Exfiltration via AI Inference API (AML.T0024), External Harms (AML.T0048).

EU & UK References

Vulnerability details

An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves the S3 bucket 'http://s3.amazonaws.com/h2o-training', which was found to be vulnerable to unauthorized takeover.

CWE(s)

AI Security AnalysisAI

AI Category
Other Platforms
Risk Domain
Data-Related Vulnerabilities
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
H2O-3 is an open-source machine learning platform by H2O.ai, fitting under 'Other Platforms' as it provides distributed ML capabilities including AutoML and deep learning support. The vulnerability involves an S3 bucket ('h2o-training') associated with the repository, reported on an AI/ML bug bounty platform.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1195.002 Compromise Software Supply Chain Initial Access
Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise.
Why these techniques?

S3 bucket takeover in h2oai/h2o-3 repository enables attackers to hijack the referenced bucket and serve malicious training data or models, facilitating software supply chain compromise.

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0010: AI Supply Chain CompromiseAML.T0024: Exfiltration via AI Inference APIAML.T0048: External Harms

Affected Assets

h2o
h2o
3.45.0.6386

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References