Lucene search
HistoryNov 16, 2023 - 9:15 p.m.
CVE-2023-6020
cve-2023-6020
ray's
server access
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.405
Percentile
97.3%
LFI in Ray’s /static/ directory allows attackers to read any file on the server without authentication.
Affected configurations
Node
ray_projectrayMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ray_project | ray | - | cpe:2.3:a:ray_project:ray:-:*:*:*:*:*:*:* |
Related
prion
prion
Authentication flaw
2023-11-16 21:15:00
Authentication flaw
2023-11-16 17:15:00
Command injection
2023-11-16 17:15:00
cvelist
cvelist
CVE-2023-6020 Ray Static File Local File Include
2023-11-16 21:07:33
CVE-2023-6021 Ray Log File Local File Include
2023-11-16 16:11:42
CVE-2023-6019 Ray Command Injection in cpu_profile Parameter
2023-11-16 16:12:07
nuclei
nuclei
Ray Static File - Local File Inclusion
2023-12-05 16:15:41
packetstorm
packetstorm
Ray Static Arbitrary File Read
2024-08-31 00:00:00
metasploit
metasploit
Ray static arbitrary file read
2024-08-08 23:51:14
cve
cve
github
github
Ray Missing Authorization vulnerability
2023-11-16 21:30:46
Ray Path Traversal vulnerability
2023-11-16 18:30:31
osv
osv
Ray Missing Authorization vulnerability
2023-11-16 21:30:46
Ray Path Traversal vulnerability
2023-11-16 18:30:31
nvd
nvd
CVE-2023-6021
2023-11-16 17:15:09
CVE-2023-6019
2023-11-16 17:15:08
thn
thn
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 08/30/2024
2024-08-30 18:43:05
openvas
openvas
Generic HTTP Directory Traversal (Web Dirs) - Active Check
2021-07-22 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.405
Percentile
97.3%
Related for NVD:CVE-2023-6020