CVE-2025-0782 - Vulnerability Details

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

No reference.

History

Tue, 20 May 2025 14:15:00 +0000

Type	Values Removed	Values Added
Title	Missing Authorization in h2oai/h2o-3
References	https://huntr.com/bounties/4587cec7-8bc5-48ab-8614-105d41c99151
Metrics	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 20 May 2025 11:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-862
References	https://github.com/h2oai/h2o-3/commit/6740655b70cef40ec67d952bee2d23f7d33c7419
Metrics	cvssV3_0 `{'score': 10.0, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N'}`

Tue, 20 May 2025 10:30:00 +0000

Type	Values Removed	Values Added
Description	A vulnerability in the S3 bucket configuration for h2oai/h2o-3 allows public write access to the 'h2o-release' bucket. This issue affects all versions and could enable an attacker to overwrite any file in the bucket. As users download binary files such as JARs from this bucket, this vulnerability could lead to remote code execution (RCE) on any user who uses the application. Additionally, an attacker could modify the documentation to include malicious download links.	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Tue, 06 May 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 02 May 2025 20:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the S3 bucket configuration for h2oai/h2o-3 allows public write access to the 'h2o-release' bucket. This issue affects all versions and could enable an attacker to overwrite any file in the bucket. As users download binary files such as JARs from this bucket, this vulnerability could lead to remote code execution (RCE) on any user who uses the application. Additionally, an attacker could modify the documentation to include malicious download links.
Title		Missing Authorization in h2oai/h2o-3
Weaknesses		CWE-862
References		https://github.com/h2oai/h2o-3/commit/6740655b70cef40ec67d952bee2d23f7d33c7419 https://huntr.com/bounties/4587cec7-8bc5-48ab-8614-105d41c99151
Metrics		cvssV3_0 `{'score': 10, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N'}`

MITRE

Status: REJECTED

Assigner: @huntr_ai

Published: 2025-05-02T20:11:19.114Z

Updated: 2025-05-20T10:17:12.083Z

Reserved: 2025-01-28T13:18:01.044Z

Link: CVE-2025-0782

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2025-05-02T21:15:23.550

Modified: 2025-05-20T11:15:47.677

Link: CVE-2025-0782

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object