Unauthorized S3 Bucket Reference in PyTorch Serve by Meta
CVE-2024-6577
6.3 MEDIUM
What is CVE-2024-6577?
PyTorch Serve contains an improper access control vulnerability in the script 'upload_results_to_s3.sh', which references an S3 bucket without validating its ownership or accessibility. This oversight poses significant security risks, such as unauthorized access, data breaches, potential modification of sensitive data, or exposure of proprietary information. Stakeholders should ensure that proper security measures are in place to protect S3 bucket resources and mitigate these vulnerabilities.
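One way to add the missing ownership validation before an upload, shown as an added example (it is not the project's script or its fix). The function names and exit codes are hypothetical; the caller supplies the bucket name and the 12-digit AWS account ID expected to own it, and the check relies on the AWS CLI's `--expected-bucket-owner` option.

```shell
#!/usr/bin/env bash
# Added example: fail-closed S3 upload that pins the bucket to an expected
# AWS account. Function names and exit codes are hypothetical.

# Return 0 only for a syntactically valid 12-digit AWS account ID.
valid_account_id() {
  case "$1" in
    *[!0-9]*|'') return 1 ;;
  esac
  [ "${#1}" -eq 12 ]
}

# upload_result <bucket> <expected-owner-account-id> <local-file> <object-key>
# Exit codes: 0 uploaded, 2 bad owner ID, 3 ownership check failed, 4 upload failed.
upload_result() {
  local bucket=$1 owner=$2 file=$3 key=$4

  if ! valid_account_id "$owner"; then
    echo "refusing upload: expected owner must be a 12-digit account ID" >&2
    return 2
  fi

  # head-bucket fails when the bucket does not exist, is not accessible to
  # the caller, or is owned by an account other than the expected one.
  if ! aws s3api head-bucket --bucket "$bucket" \
        --expected-bucket-owner "$owner" >/dev/null 2>&1; then
    echo "refusing upload: $bucket is missing, inaccessible, or not owned by $owner" >&2
    return 3
  fi

  # Repeat the owner condition on the write itself, so a bucket that is
  # deleted and re-created by another account between the two calls is
  # still rejected by S3.
  aws s3api put-object --bucket "$bucket" --key "$key" --body "$file" \
    --expected-bucket-owner "$owner" >/dev/null || return 4
}
```

A caller should treat any non-zero return as a hard failure rather than retrying against a different bucket name.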
Affected Version(s)
pytorch/serve <= unspecified
CVSS V3.0
Score: 6.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved