CVE-2024-8616
📋 TL;DR
This vulnerability allows authenticated attackers to overwrite arbitrary files on the server hosting H2O-3 version 3.46.0. Attackers can exploit the /99/Models/{name}/json endpoint to write malicious content to critical system files. Organizations running H2O-3 3.46.0 for machine learning operations are affected.
💻 Affected Systems
- h2oai/h2o-3
📦 What is this software?
H2O-3 by H2O.ai (GitHub: h2oai/h2o-3)
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via overwriting critical system files like /etc/passwd, /etc/shadow, or SSH authorized_keys, leading to privilege escalation, persistence, or denial of service.
Likely Case
Data corruption, service disruption, or limited file system damage by overwriting application or configuration files.
If Mitigated
Minimal impact if proper file permissions, network segmentation, and access controls prevent exploitation.
🎯 Exploit Status
Exploitation requires authentication to the H2O-3 instance. The underlying flaw is a path traversal through a user-controlled parameter of the /99/Models/{name}/json endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.46.0.1 or later
Vendor Advisory: https://github.com/h2oai/h2o-3/security/advisories/GHSA-xxxx-xxxx-xxxx
Restart Required: No
Instructions:
1. Update H2O-3 to version 3.46.0.1 or later.
2. Verify the update by checking the version.
3. No restart is required for the patch itself, but restart services if they were stopped during the update.
🔧 Temporary Workarounds
Restrict Access to Models Endpoint
Use network controls or a web application firewall to block or restrict access to the /99/Models/{name}/json endpoint.
Implement File System Permissions
Run H2O-3 under a least-privilege user account and restrict write permissions to directories outside the application's scope.
🧯 If You Can't Patch
- Isolate the H2O-3 instance in a segmented network to limit attack surface.
- Implement strict authentication and authorization controls to minimize authenticated user access.
🔍 How to Verify
Check if Vulnerable:
Check if H2O-3 version is exactly 3.46.0 by accessing the web interface or using version check commands.
Check Version:
java -jar h2o.jar --version or check the web interface dashboard.
Verify Fix Applied:
Verify the version is updated to 3.46.0.1 or later and test the /99/Models/{name}/json endpoint with controlled parameters to ensure no file overwrite occurs.
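The version check above is easy to get wrong by hand because the affected release (3.46.0) and the fixed release (3.46.0.1) differ only in a fourth component. The following Python helper, added here as an example and not part of the advisory or of H2O-3 itself, extracts a dotted version number from command or dashboard output and compares it against the advisory's affected and fixed versions. The sample output strings are constructed for illustration.

```python
"""Decide whether an H2O-3 version string falls in the range affected by CVE-2024-8616."""
import re

AFFECTED = (3, 46, 0)        # the advisory lists exactly 3.46.0 as affected
FIXED_IN = (3, 46, 0, 1)     # the advisory states the fix ships in 3.46.0.1 or later

# First dotted version number with three or four numeric components.
VERSION_RE = re.compile(r"\b(\d+(?:\.\d+){2,3})\b")


def extract_version(text):
    """Pull the first dotted version number out of arbitrary output, or None."""
    m = VERSION_RE.search(text)
    return m.group(1) if m else None


def parse_version(version):
    """'3.46.0.1' -> (3, 46, 0, 1), padded to four components so that
    3.46.0 and 3.46.0.0 compare equal."""
    parts = tuple(int(p) for p in version.split("."))
    return (parts + (0, 0, 0, 0))[:4]


def is_vulnerable(version):
    """True only for the affected release line below the fixed version."""
    v = parse_version(version)
    return v[:3] == AFFECTED and v < FIXED_IN


def check_output(text):
    """Return (version, vulnerable) for a blob of CLI or dashboard output.
    Output that carries no version at all is reported as None/False."""
    version = extract_version(text)
    if version is None:
        return None, False
    return version, is_vulnerable(version)


if __name__ == "__main__":
    # Constructed sample output lines; the real format may differ.
    for sample in ("H2O-3 version 3.46.0 (build 2024-10)",
                   "H2O-3 version 3.46.0.1 (build 2024-10)",
                   "no version here"):
        print(sample, "->", check_output(sample))
```

Feed it the output of the version command or the text of the dashboard's version field; a result of `(version, True)` means the instance still runs the affected release.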
📡 Detection & Monitoring
Log Indicators:
- Unusual file write operations in system logs
- Access logs showing requests to /99/Models/{name}/json with suspicious parameters
Network Indicators:
- HTTP POST requests to /99/Models/{name}/json with path traversal patterns (e.g., ../)
SIEM Query:
source="h2o_logs" AND uri="/99/Models/*/json" AND param="mexport.dir" CONTAINS "../"
(Add AND status_code=200 to narrow the results to requests the server accepted; combining the two conditions with OR would match every successful request to the endpoint.)
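A SIEM query only catches the literal string "../"; attackers commonly percent-encode or double-encode the sequence, so a log scanner should decode before matching. The Python script below is an added example (not tooling from the advisory or the H2O-3 project) that applies the detection logic above to access-log lines in combined log format. It assumes the log records the full request target including the query string, and it inspects every query parameter rather than a single field name, because the page's query refers to the parameter as mexport.dir while other log pipelines may name it differently. The log lines are constructed samples.

```python
"""Scan H2O-3 access logs for path-traversal attempts against the
/99/Models/{name}/json endpoint named in CVE-2024-8616."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined log format: client, ident, user, timestamp, request line, status, size.
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Endpoint from the advisory; {name} is the model id.
MODELS_JSON = re.compile(r"^/99/Models/[^/]+/json$")
# A ".." path segment bounded by a slash, backslash, or the string edge.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

# Constructed sample log lines, not real H2O-3 output.
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Oct/2024:10:01:02 +0000] "GET /3/Cloud HTTP/1.1" 200 512
10.0.0.5 - alice [12/Oct/2024:10:01:09 +0000] "POST /99/Models/gbm_1/json?dir=%2Ftmp%2Fexports HTTP/1.1" 200 77
10.0.0.9 - mallory [12/Oct/2024:10:02:41 +0000] "POST /99/Models/gbm_1/json?dir=..%2F..%2F..%2Fetc HTTP/1.1" 200 77
10.0.0.9 - mallory [12/Oct/2024:10:02:50 +0000] "POST /99/Models/gbm_1/json?dir=%252e%252e%2Froot HTTP/1.1" 403 0
"""


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (%252e -> %2e -> .) so that
    double-encoded traversal sequences are not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def traversal_params(target):
    """Return (path, {param: decoded_value}) for every query parameter of
    the request target whose decoded value contains a traversal sequence."""
    parts = urlsplit(target)
    hits = {}
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for raw in values:
            decoded = fully_decode(raw)
            if TRAVERSAL.search(decoded):
                hits[name] = decoded
    return parts.path, hits


def scan_log(text):
    """Return one finding per request to the models/json endpoint that
    carries a traversal sequence; the HTTP status is kept so that accepted
    (200) requests can be triaged ahead of rejected ones."""
    findings = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        path, hits = traversal_params(m.group("target"))
        if not MODELS_JSON.match(path) or not hits:
            continue
        findings.append({
            "client": m.group("client"), "user": m.group("user"),
            "timestamp": m.group("ts"), "method": m.group("method"),
            "path": path, "status": int(m.group("status")), "params": hits,
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['timestamp']} {f['client']} user={f['user']} "
              f"status={f['status']} {f['path']} params={f['params']}")
```

Run it against a real log with `scan_log(open(path).read())`; a finding with status 200 on an unpatched 3.46.0 instance indicates a request the server accepted and warrants checking the file system for unexpected writes.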