H2O.ai H2O-3 Information Disclosure Vulnerability in ImportFiles API

A vulnerability allowing information disclosure exists in H2O.ai H2O-3 versions prior to 7402. The issue arises in the ImportFile API, specifically within the importFiles function of PersistNFS.java. This vulnerability allows remote, unauthenticated attackers to read arbitrary local files that are accessible to the H2O-3 process. The exploitation involves importing a file through an unauthenticated endpoint, bypassing incomplete path restrictions, and then retrieving the file's contents via the Frames API.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive local files, including system metadata, configuration files, secrets, and internal application data.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/3/ImportFiles' endpoint with a user-supplied path to a readable local file. The imported file can then be accessed through the Frames API by sending a GET request to the corresponding frame URL.

Remediation

It is recommended to require authentication and authorization for the 'ImportFiles' endpoint, disable local filesystem imports by default, restrict imports to an allowlisted data directory, validate and canonicalize supplied paths, replace blacklist-based controls with an allowlist model, and add audit logging for file import operations.