
CVE-2024-5550: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in h2oai h2oai/h2o-3

Severity: Medium
Published: Thu Jun 06 2024 (06/06/2024, 18:18:36 UTC)
Source: CVE Database V5
Vendor/Project: h2oai
Product: h2oai/h2o-3

Description

In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead API call, which when requested with a typeahead lookup of '/', exposes the root filesystem including directories such as /home, /usr, /bin, among others. This vulnerability could allow attackers to explore the entire filesystem, and when combined with a Local File Inclusion (LFI) vulnerability, could make exploitation of the server trivial.

AI-Powered Analysis

AI analysis last updated: 10/15/2025, 13:31:28 UTC

Technical Analysis

CVE-2024-5550 is a path traversal vulnerability classified under CWE-22 found in the h2oai/h2o-3 open-source AI platform, specifically in version 3.40.0.4. The flaw exists in the Typeahead API endpoint, which performs a system path lookup based on user input. When an attacker sends a request with a lookup parameter set to '/', the API responds with directory listings revealing the full filesystem structure of the host server, including sensitive directories like /home, /usr, and /bin. This exposure allows remote attackers to gain insight into the server's directory layout without authentication or user interaction. While the vulnerability itself does not allow direct file reading or code execution, it significantly aids attackers by providing reconnaissance data that can be leveraged in chained attacks, particularly if a Local File Inclusion (LFI) vulnerability is present on the same system. The vulnerability is remotely exploitable over the network with low complexity and no privileges required. The CVSS v3.0 base score is 5.3, indicating a medium severity primarily due to confidentiality impact. No patches or exploit code are currently publicly available, and no active exploitation has been reported. However, the exposure of filesystem paths can facilitate targeted attacks and privilege escalation attempts. Organizations using h2oai/h2o-3 should assess their exposure and implement mitigations to prevent unauthorized API access and path traversal attempts.

Potential Impact

The primary impact of CVE-2024-5550 is the unauthorized disclosure of sensitive filesystem information, which compromises confidentiality. For European organizations, this can lead to increased risk of targeted attacks, as attackers gain detailed knowledge of server directory structures, potentially exposing sensitive files or configurations indirectly. While the vulnerability does not directly affect integrity or availability, the information leakage can be a stepping stone for more severe exploits, especially if combined with other vulnerabilities like LFI. Organizations in sectors relying heavily on AI and data science platforms, such as finance, healthcare, and research institutions, may face increased risk due to the sensitive nature of their data and the criticality of their AI workloads. The exposure could also aid attackers in evading detection by understanding system layouts and tailoring attacks accordingly. Given the remote and unauthenticated nature of the exploit, the threat surface is broad, potentially affecting any deployment of the vulnerable h2oai/h2o-3 version. The medium CVSS score reflects moderate risk but should not be underestimated in environments with sensitive data or regulatory compliance requirements such as GDPR.

Mitigation Recommendations

1. Restrict access to the Typeahead API endpoint by implementing network-level controls such as IP whitelisting or VPN-only access to limit exposure to trusted users.
2. Apply strict input validation and sanitization on the Typeahead API parameters to prevent traversal sequences like '../' or absolute path lookups such as '/'.
3. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious path traversal attempts targeting the Typeahead API.
4. Monitor API logs for unusual requests, especially those querying root or system directories, and establish alerting mechanisms for potential reconnaissance activity.
5. If possible, upgrade to a patched version of h2oai/h2o-3 once available or apply vendor-provided mitigations.
6. Conduct internal audits to identify any Local File Inclusion or related vulnerabilities that could be chained with this information disclosure to escalate impact.
7. Isolate AI platform servers from critical infrastructure and sensitive data stores to limit lateral movement in case of compromise.
8. Educate development and operations teams about secure API design principles to prevent similar issues in future releases.
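The following added example (not h2o-3's own code) illustrates recommendations 2 and 4: a typeahead lookup anchored to an explicit allowed root that rejects '/' and '../' input via canonical-path containment, plus a log check that flags lookups of the root or upward traversal. The `/3/Typeahead/files` path and the `src` parameter name are assumed for the example, and the directory tree and log lines are constructed.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import unquote

# Hardened typeahead lookup (added example, not h2o-3's own code): lookups are
# anchored to an explicit allowed root instead of the host's filesystem root.
def safe_typeahead(allowed_root: str, user_prefix: str) -> list[str]:
    root = Path(allowed_root).resolve()
    # An absolute lookup such as '/' is exactly the CVE-2024-5550 request; refuse it.
    if user_prefix.startswith(("/", "\\", "~")):
        return []
    parent_part, _, partial = user_prefix.rpartition("/")
    try:
        parent = (root / parent_part).resolve(strict=True)
    except OSError:
        return []
    # Containment check on the canonical path defeats '../' and symlink escapes.
    if parent != root and root not in parent.parents:
        return []
    names = sorted(p.name for p in parent.iterdir() if p.name.startswith(partial))
    # Only root-relative names go back to the client, so host paths never leak.
    return [str((parent / n).relative_to(root)) for n in names]

# Detection side: flag typeahead requests asking for the root or traversing
# upward. The endpoint path and the 'src' parameter name are assumed here.
TYPEAHEAD_RE = re.compile(r"/Typeahead/files\?[^ \"]*?\bsrc=([^&\s\"]*)")

def flag_suspicious_lookups(log_lines: list[str]) -> list[str]:
    hits = []
    for line in log_lines:
        m = TYPEAHEAD_RE.search(line)
        if m:
            lookup = unquote(m.group(1))
            if lookup.startswith(("/", "~")) or ".." in lookup.split("/"):
                hits.append(lookup)
    return hits

def build_sample_tree() -> str:
    # Constructed sample directory for running the lookup offline.
    root = Path(tempfile.mkdtemp())
    for rel in ("models/model_a", "models/model_b", "data/train.csv"):
        (root / rel).parent.mkdir(exist_ok=True)
        (root / rel).touch()
    return str(root)
SAMPLE_LOG = [  # constructed access-log lines
    '10.0.0.5 "GET /3/Typeahead/files?src=%2F&limit=1000 HTTP/1.1" 200',
    '10.0.0.7 "GET /3/Typeahead/files?src=models%2Fmo HTTP/1.1" 200',
    '10.0.0.5 "GET /3/Typeahead/files?src=..%2F..%2Fetc HTTP/1.1" 200',
]
```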


Technical Details

Data Version: 5.1
Assigner Short Name: @huntr_ai
Date Reserved: 2024-05-30T21:05:04.309Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 68ef9b28178f764e1f470c9d

Added to database: 10/15/2025, 1:01:28 PM

Last enriched: 10/15/2025, 1:31:28 PM

Last updated: 10/16/2025, 2:44:57 PM

Views: 1
