A critical vulnerability in the open source compute framework for AI, Ray, has been identified by cybersecurity firm Bishop Fox. The vulnerability, tracked as CVE-2023-48023, allows unauthorized access to all nodes. This issue exists because Ray does not properly enforce authentication on its dashboard and client components.

By exploiting this vulnerability, a remote attacker could submit or delete jobs without authentication, retrieve sensitive information, and execute arbitrary code. This could lead to obtaining operating system access to all nodes in the Ray cluster. The default configuration of Ray does not enforce authentication, and there does not seem to be support for any type of authorization model.

Additionally, attackers could exploit this vulnerability using the job submission API to submit arbitrary operating system commands. Other security vulnerabilities in Ray, including a server-side request forgery (SSRF) bug (CVE-2023-48022) and an insecure input validation flaw (CVE-2023-6021), have also been identified.

Bishop Fox reported two of these issues to Ray’s maintainers, Anyscale, at the same time as Protect AI, but they were closed as the vendor claims unauthenticated remote code execution is intentional and not a vulnerability.

The cybersecurity firm warns that these critical-severity vulnerabilities in Ray remain unpatched, as the vendor does not recognize them as security defects or does not want to address them.

Fabio

Full Stack Developer

About the Author

I’m passionate about web development and design in all its forms, helping small businesses build and improve their online presence. I spend a lot of time learning new techniques and actively helping other people learn web development through a variety of help groups and writing tutorials for my blog about advancements in web design and development.

View Articles