CVE-2024-1456
Published: 16 April 2024
Summary
CVE-2024-1456 is a high-severity an unspecified weakness vulnerability in H2O H2O. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Compromise Software Supply Chain (T1195.002); ranked at the 45.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other Platforms; in the Data-Related Vulnerabilities risk domain; MITRE ATLAS techniques in scope: AI Supply Chain Compromise (AML.T0010), Exfiltration via AI Inference API (AML.T0024), External Harms (AML.T0048).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-17207
Vulnerability details
An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves the S3 bucket 'http://s3.amazonaws.com/h2o-training', which was found to be vulnerable to unauthorized takeover.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Other Platforms
- Risk Domain
- Data-Related Vulnerabilities
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- H2O-3 is an open-source machine learning platform by H2O.ai, fitting under 'Other Platforms' as it provides distributed ML capabilities including AutoML and deep learning support. The vulnerability involves an S3 bucket ('h2o-training') associated with the repository, reported on an AI/ML bug bounty platform.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
S3 bucket takeover in h2oai/h2o-3 repository enables attackers to hijack the referenced bucket and serve malicious training data or models, facilitating software supply chain compromise.
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.