Ray Dashboard Job RCE (CVE-2023-48022)

critical Nessus Plugin ID 193561

Synopsis

The remote host contains a machine learning library that is affected by a remote code execution vulnerability.

Description

The remote host contains a ray dashboard which is purposely lacking authentication features. As such, it is therefore, affected by a remote code execution vulnerability in the jobs api endpoint.

Solution

Review the assets security boundary and add layers of defense to prevent untrusted access to the Ray cluster.

See Also

http://www.nessus.org/u?bf3e21df

https://huntr.com/bounties/b507a6a0-c61a-4508-9101-fceb572b0385

https://github.com/ray-project/ray/

Plugin Details

Severity: Critical

ID: 193561

File Name: ray_CVE-2023-48022.nbin

Version: 1.29

Type: remote

Published: 4/19/2024

Updated: 11/22/2024

Asset Inventory: true

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-48022

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:anyscale:ray

Required KB Items: installed_sw/Ray Dashboard

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 11/28/2023

Exploitable With

Metasploit (Ray Agent Job RCE)

Reference Information

CVE: CVE-2023-48022

CWE: 918