Lucene search

[email protected]CVE-2023-48023

HistoryNov 28, 2023 - 8:15 a.m.

CVE-2023-48023

2023-11-2808:15:07

CWE-918

[email protected]

web.nvd.nist.gov

anyscale ray

ssrf

security vulnerability

nvd

cve-2023-48023

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

8.4 High

AI Score

Confidence

High

0.326 Low

EPSS

Percentile

97.1%

JSON

Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor’s position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment

Affected configurations

NVD

Node

anyscalerayMatch2.6.3

anyscalerayMatch2.8.0

CPENameOperatorVersion
anyscale:rayanyscale rayeq2.6.3
anyscale:rayanyscale rayeq2.8.0

CPE	Name	Operator	Version
anyscale:ray	anyscale ray	eq	2.6.3
anyscale:ray	anyscale ray	eq	2.8.0

References

bishopfox.com/blog/ray-versions-2-6-3-2-8-0

docs.ray.io/en/latest/ray-security/index.html

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

8.4 High

AI Score

Confidence

High

0.326 Low

EPSS

Percentile

97.1%

JSON

Related for CVE-2023-48023

prion3 nvd3 cvelist3 nuclei1 osv2 github2 cve2 thn1