CVE-2023-48022

Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://atlas.mitre.org/studies/AML.CS0023
https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0	Exploit Third Party Advisory
https://docs.ray.io/en/latest/ray-security/index.html	Product Release Notes
https://www.vicarius.io/vsociety/posts/shadowray-cve-2023-48022-exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:anyscale:ray:2.6.3:::::::*
	cpe:2.3:a:anyscale:ray:2.8.0:::::::*

History

28 Oct 2024, 17:15

Type	Values Removed	Values Added
References		() https://atlas.mitre.org/studies/AML.CS0023 -

29 Apr 2024, 21:15

Type	Values Removed	Values Added
References		() https://www.vicarius.io/vsociety/posts/shadowray-cve-2023-48022-exploit -

04 Dec 2023, 18:46

Type	Values Removed	Values Added
References	~~() https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0 -~~	() https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0 - Exploit, Third Party Advisory
References	~~() https://docs.ray.io/en/latest/ray-security/index.html -~~	() https://docs.ray.io/en/latest/ray-security/index.html - Product, Release Notes
CPE		cpe:2.3:a:anyscale:ray:2.8.0:::::::* cpe:2.3:a:anyscale:ray:2.6.3:::::::*
CWE		CWE-918
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8

28 Nov 2023, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-28 08:15

Updated : 2024-10-28 17:15

NVD link : CVE-2023-48022

Mitre link : CVE-2023-48022

CVE.ORG link : CVE-2023-48022

JSON object : View

Products Affected

anyscale

ray

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2023-48022", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-11-28T08:15:06.910", "references": [{"url": "https://atlas.mitre.org/studies/AML.CS0023", "source": "cve@mitre.org"}, {"url": "https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://docs.ray.io/en/latest/ray-security/index.html", "tags": ["Product", "Release Notes"], "source": "cve@mitre.org"}, {"url": "https://www.vicarius.io/vsociety/posts/shadowray-cve-2023-48022-exploit", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-918"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment"}, {"lang": "es", "value": "Anyscale Ray 2.6.3 y 2.8.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la API de env\u00edo de trabajos. NOTA: la posici\u00f3n del proveedor es que este informe es irrelevante porque Ray, como se indica en su documentaci\u00f3n, no est\u00e1 manipulado para su uso fuera de un entorno de red estrictamente controlado."}], "lastModified": "2024-10-28T17:15:04.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:anyscale:ray:2.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1083D908-E7F7-44BE-89CD-B760224C5585"}, {"criteria": "cpe:2.3:a:anyscale:ray:2.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE882370-6570-49E0-A11F-95D3FBCD4714"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}