Lucene search
HistoryNov 28, 2023 - 8:15 a.m.
CVE-2023-48023
anyscale ray 2.6.3
anyscale ray 2.8.0
ssrf
vendor's position
strictly controlled network environment
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
0.326 Low
EPSS
Percentile
97.1%
Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor’s position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment
Affected configurations
Node
anyscalerayMatch2.6.3
ORanyscalerayMatch2.8.0
Related
prion
prion
Code injection
2023-11-28 08:15:00
Command injection
2023-11-16 17:15:00
Authentication flaw
2023-11-16 17:15:00
cvelist
cvelist
CVE-2023-48023
2023-11-28 00:00:00
CVE-2023-6019 Ray Command Injection in cpu_profile Parameter
2023-11-16 16:12:07
CVE-2023-6021 Ray Log File Local File Include
2023-11-16 16:11:42
cve
cve
nuclei
nuclei
Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery
2024-01-22 05:36:31
nvd
nvd
CVE-2023-6021
2023-11-16 17:15:09
CVE-2023-6019
2023-11-16 17:15:08
osv
osv
Ray Missing Authorization vulnerability
2023-11-16 21:30:46
Ray Path Traversal vulnerability
2023-11-16 18:30:31
github
github
Ray Missing Authorization vulnerability
2023-11-16 21:30:46
Ray Path Traversal vulnerability
2023-11-16 18:30:31
thn
thn
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
0.326 Low
EPSS
Percentile
97.1%
Related for NVD:CVE-2023-48023