Unauthorized Access and Content Modification via the unclaimed h2o-r S3 Bucket referenced by a setup script and Dockerfile lets an attacker distribute a malicious R package, which can lead to remote code execution in h2oai/h2o-3

Valid

Reported on Aug 14th 2023


Description

During a source code review of docker/setup-h2o-dev.sh (and the corresponding Dockerfile.dev), it was identified that the script downloads R packages from the "h2o-r" S3 bucket, https://h2o-r.s3.amazonaws.com/. That bucket name was no longer claimed by anyone, so it was registered for proof-of-concept (PoC) purposes. Because S3 bucket names are global and the script fetches from the bucket by name alone, whoever holds the name decides what the script installs: the takeover gives an outsider control over, and the ability to modify, the content that the project's tooling consumes.

Steps To Reproduce:

  1. Create an S3 bucket named h2o-r in the us-east-1 region. Bucket names are global, so once the original owner has released the name anyone can register it.
  2. Upload files with the same names the script requests (e.g. LiblineaR_1.94-2.tar.gz).
  3. Configure the bucket for public access by enabling static website hosting, so the objects are served to anonymous clients.
  4. The bucket is now attacker-controlled. Whenever a user runs the script, the hard-coded S3 URL is fetched and whatever the attacker uploaded is installed, which allows the attacker to spread malware.

Proof of Concept

  1. PoC for the S3 bucket takeover: https://h2o-r.s3.amazonaws.com/index.html
  2. GitHub link showing the S3 bucket reference in the script: https://github.com/h2oai/h2o-3/blob/918af06003ef8e56db51669401fc0e7dad046f99/docker/setup-h2o-dev.sh#L51
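The takeover works because the script names the bucket and nothing else: S3 bucket names are global, and the first account to create a name owns it. The shell script below is an added example, not code from the h2o-3 repository or from the reporter. It lists the buckets a script or Dockerfile references (both the bucket.s3.amazonaws.com and the s3.amazonaws.com/bucket URL forms) and, as a separate network check, probes whether a name is currently unclaimed. The text it scans is constructed for the example; the example-assets bucket in it is invented and not part of the report.

```shell
#!/bin/sh
# Added example (not h2o-3 code): find the S3 buckets a build script downloads from
# and check whether each name is still owned by someone.

# Constructed sample in the style of the vulnerable script; not copied from h2o-3.
SAMPLE_SCRIPT='RUN wget https://h2o-r.s3.amazonaws.com/LiblineaR_1.94-2.tar.gz
curl -O https://s3.amazonaws.com/h2o-r/another_0.1.tar.gz
curl -O https://example-assets.s3.eu-west-1.amazonaws.com/tool.tgz
echo "no bucket on this line"'

# Print each distinct bucket name found in the text, one per line.
# Handles virtual-hosted URLs (bucket.s3[.region].amazonaws.com/...) and
# path-style URLs (s3[.region].amazonaws.com/bucket/...).
extract_s3_buckets() {
    printf '%s\n' "$1" \
      | grep -oE 'https?://[A-Za-z0-9._-]+\.s3[A-Za-z0-9.-]*\.amazonaws\.com|https?://s3[A-Za-z0-9.-]*\.amazonaws\.com/[A-Za-z0-9._-]+' \
      | sed -E 's#^https?://##; s#^s3[A-Za-z0-9.-]*\.amazonaws\.com/##; s#\.s3[A-Za-z0-9.-]*\.amazonaws\.com$##' \
      | sort -u
}

# Network check (not exercised by the offline run): S3 answers 200 or 403 for a
# bucket that exists, and a 404 whose body contains NoSuchBucket for a name that
# nobody owns, i.e. one an attacker can register. Returns 1 for the dangerous case.
probe_bucket() {
    body=$(curl -s "https://$1.s3.amazonaws.com/") || return 2
    case "$body" in
        *NoSuchBucket*) echo "$1: UNCLAIMED, takeover possible"; return 1 ;;
        *)              echo "$1: owned by someone";             return 0 ;;
    esac
}

# Against a real checkout one would run, for example:
#   extract_s3_buckets "$(cat docker/setup-h2o-dev.sh docker/Dockerfile.dev)" \
#     | while read -r b; do probe_bucket "$b"; done
extract_s3_buckets "$SAMPLE_SCRIPT"
```

Run this against every script, Dockerfile and CI definition in a repository before trusting it; a bucket that answers NoSuchBucket today is exactly the situation the PoC exploited.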

Impact

The takeover of the "h2o-r" S3 bucket has the following potential impacts:

Unauthorized Access: Once the name is registered by an outsider, the project no longer controls the bucket; the attacker decides who can read it, what it contains and what it serves to the project's scripts.

Content Modification: Because the bucket's content is attacker-controlled, any code, files, or data retrieved from it may be malicious or untrustworthy. An R source package downloaded this way is built and installed on the machine running the script, so a modified package leads to code execution on every system that relies on the bucket.

Supply Chain Attack: By substituting the original content in the S3 bucket, an attacker can mount a supply chain attack: users executing the script or building the Docker image unknowingly install malicious or compromised versions of packages, introducing security vulnerabilities.
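Even a bucket the project does own can be emptied or re-registered later, so the practical defence is to make the script refuse any download whose content it did not expect. The snippet below is an added example, not the project's fix: it pins a SHA-256 digest next to each download and deletes the file on mismatch. The URL and file name in fetch_pinned are placeholders, and the digest used by the offline demo is constructed (it is the SHA-256 of the string "hello" followed by a newline); a real script would carry the digest of the actual tarball, recorded when the dependency was vetted.

```shell
#!/bin/sh
# Added example (not h2o-3 code): download a build dependency only if its SHA-256
# matches a digest pinned in the script, so a hijacked bucket cannot substitute content.

# Portable SHA-256 of a file (sha256sum on Linux, shasum on macOS/BSD).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 if the digest of file $1 equals the expected lowercase hex digest $2.
verify_sha256() {
    actual=$(sha256_of "$1")
    [ "$actual" = "$2" ]
}

# Fetch a URL to a path and refuse to keep the file unless its digest matches.
# Needs network; the offline demo below exercises verify_sha256 only.
fetch_pinned() {
    url=$1; dest=$2; expected=$3
    curl -fsSL "$url" -o "$dest" || return 2
    if verify_sha256 "$dest" "$expected"; then
        echo "ok: $dest matches pinned digest"
    else
        echo "ABORT: $dest does not match pinned digest $expected" >&2
        rm -f "$dest"
        return 1
    fi
}

# Offline demonstration with a constructed "package": the pinned digest is that of
# the bytes "hello\n". The genuine file must pass and a tampered one must fail.
demo_verify() {
    tmp=$(mktemp)
    expected=5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
    printf 'hello\n' > "$tmp"
    if verify_sha256 "$tmp" "$expected"; then genuine_ok=1; else genuine_ok=0; fi
    printf 'hello, tampered by bucket owner\n' > "$tmp"
    if verify_sha256 "$tmp" "$expected"; then tampered_rejected=0; else tampered_rejected=1; fi
    rm -f "$tmp"
    [ "$genuine_ok" -eq 1 ] && [ "$tampered_rejected" -eq 1 ]
}

# Example of the intended use (placeholder URL and digest, never fetched here):
#   fetch_pinned https://h2o-r.s3.amazonaws.com/LiblineaR_1.94-2.tar.gz \
#       /tmp/LiblineaR_1.94-2.tar.gz <sha256 recorded when the package was vetted>
demo_verify && echo "pinned-digest check works"
```

The same check belongs in the Dockerfile (a RUN step that downloads and then runs sha256sum -c against the pinned value before R CMD INSTALL), and a dependency the project controls is better served from a bucket or release page it still owns, or vendored into the repository, than from a name that can lapse.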

We are processing your report and will contact the h2oai/h2o-3 team within 24 hours. 6 months ago
We have contacted a member of the h2oai/h2o-3 team and are waiting to hear back 6 months ago
gauravbhatia1211
6 months ago

Researcher


Hey team,

Any updates?

Regards, Gaurav Bhatia

gauravbhatia1211
6 months ago

Researcher


Hey team,

Any updates?

Dan McInerney modified the Severity from Critical (10) to High (8.7) 5 months ago
Dan McInerney modified the Severity from High (8.7) to High (8.7) 5 months ago
Dan McInerney
5 months ago

Admin


Hi gauravbhatia1211,

H2O devs have addressed this vulnerability here: https://github.com/h2oai/h2o-3/issues/15737 and as such will be marked valid after we finish some backend maintenance in the next few days.

In terms of exploitability, we're going to modify the CVSS score similar to the reddit report and for similar reasons. According to the H2O devs, this was an unused file. It was created for use by the devs and would be extremely unlikely to have been run by an end user of H2O. Due to these constraints, we're modifying the privileges to Low, User Interaction to Required, and Availability to None as it doesn't directly impact H2O's availability. This will still leave the CVE and bounty as a High.

Thanks, Dan McInerney Lead Threat Researcher

gauravbhatia1211
5 months ago

Researcher


Hey Dan,

Thanks for the update. Excited for the bounty and CVE ID 🥳. Let me know if you need any help, I am always up for it.

Thanks and Regards, Gaurav Bhatia

gauravbhatia1211
5 months ago

Researcher


Hey team,

Any updates?

Regards, Gaurav Bhatia

gauravbhatia1211
5 months ago

Researcher


Hey Dan,

are there any updates?

Regards, Gaurav Bhatia

gauravbhatia1211
5 months ago

Researcher


Hey team,

Is there any update?

Regards, Gaurav Bhatia

gauravbhatia1211
4 months ago

Researcher


Hey team,

Is there any update?

Regards, Gaurav Bhatia

Dan McInerney
4 months ago

Admin


Sorry for delay! We're fixing the payment now, should be able to mark this valid shortly.

Thanks, Dan McInerney Lead Threat Researcher

gauravbhatia1211
4 months ago

Researcher


Hey Dan,

The bucket has 3 occurrences, so I expect the bounty range should be increased as the bug was in 3 different files. Expecting the bounty accordingly for the occurrences too.

Regards, Gaurav Bhatia

gauravbhatia1211
4 months ago

Researcher


Hey Dan,

Any updates, and how did the bounty amount get decreased?

Regards, Gaurav Bhatia

Dan McInerney
4 months ago

Admin


Hi Gaurav,

Sorry for the technical issues! Validation and payment will be fixed tomorrow to match your previous PyTorch S3 takeover bug that we just validated. According to the payment structure and modifiers at the time of this report, the lower payment amount shown currently is accurate largely due to the exclusion of model/data read/write modifiers, but in the interest of consistency we're going to match the higher payment of your previous S3 takeover report.

Thanks, Dan McInerney Lead Threat Researcher

gauravbhatia1211
4 months ago

Researcher


Hey Dan,

Thanks for the update.

Regards, Gaurav Bhatia

The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
Ben Harvie validated this vulnerability 4 months ago
gauravbhatia1211 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
4 months ago
gauravbhatia1211
4 months ago

Researcher


Hey team,

I wanted to know when the cve id will be assigned?

Regards, Gaurav Bhatia

gauravbhatia1211
3 months ago

Researcher


Hey team,

Any update regarding the fix bounty, CVE ID and the remaining bounty for the occurrences?

Regards, Gaurav Bhatia

This vulnerability has now been published 3 months ago
Ben Harvie marked this as fixed in commit 458c01150cba1345509c056d80a0c8900cf2436c 3 months ago
The fix bounty has been dropped
Dockerfile.dev#L61 has been validated
setup-h2o-dev.sh#L51 has been validated