11 matches found
Anyscale Ray - Remote Code Execution
Anyscale Ray 2.6.3 and 2.8.0 contain a remote code execution vulnerability due to insecure job submission API, allowing attackers to execute arbitrary code remotely if they have network access to the Ray Dashboard API. id: CVE-2023-48022 info: name: Anyscale Ray - Remote Code Execution author:...
ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet
Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence AI framework to turn infected clusters with NVIDIA GPUs into a self-replicating cryptocurrency mining botnet. The activity, codenamed ShadowRay 2.0 , is an evolution...
CVE-2023-48022
A flaw was found in ray. The job submission API allows a remote attacker to execute arbitrary code due to insufficient input validation. An unauthenticated attacker can trigger this vulnerability by sending a malicious job submission request. Successful exploitation results in arbitrary code...
Ray Agent Job Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ray Agent Job RCE', 'Description' = %q RCE in Ray via the agent job submission endpoint. This is intended functionality as Ray's main purpose is...
Ray Dashboard Job RCE (CVE-2023-48022)
Binary data rayCVE-2023-48022.nbin...
Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining
Cybersecurity researchers are warning that threat actors are actively exploiting a "disputed" and unpatched vulnerability in an open-source artificial intelligence AI platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining. "This vulnerability allows attackers to...
Exploit for Server-Side Request Forgery in Anyscale Ray
CVE-2023-48022 CVE-2023-48022 explo...
CVE-2023-48022
creationtimestamp| type| source ---|---|--- 2023-12-17 16:42:32+00:00| seen| https://t.me/ctinow/155636 2024-02-14 12:16:10+00:00| published-proof-of-concept| https://github.com/google/tsunami-security-scanner-plugins/tree/master/google/detectors/rce/ai/cve202348022 2024-03-27 10:34:26+00:00| see...
ablator (>=0.0.1b1 <=0.0.1b2), ablator-ken-test (=0.0.1b2) +254 more potentially affected by CVE-2023-48022 via ray (>=0.5.0 <=2.49.2)
ray PYPI version =0.5.0, =0.0.1b1, =0.1.1, =0.0.3, =0.3.1, =0.1.16, =0.1.4, =0.2.1, =1.1.1, =0.1.3, =1.0.11 and more Source cves: CVE-2023-48022 Source advisory: OSV:GHSA-6WGJ-66M2-XXP2...
CVE-2023-48022
This CVE impacts Anyscale Ray versions 2.6.3 and 2.8.0, where the remote code execution (RCE) arises from an insecure job submission API. The vulnerability enables unauthenticated remote code execution if an attacker can reach the Ray Dashboard API over the network, as Ray’s API lacks proper auth...
aana (>=0.2.1 <=0.2.4), abao-ai (=0.0.5) +1094 more potentially affected by CVE-2023-48022 +4 more via ray (>=0.5.0 <=2.8.0)
ray PYPI version =0.5.0, =0.2.1, =0.0.6, =0.0.1b1, =0.1.1, =0.2.0, =0.0.2, =0.1.1, =0.2.0, =0.0.1, =0.0.0, =0.2.11 and more Source cves: CVE-2023-48022, CVE-2023-48023, CVE-2023-6019, CVE-2023-6020, CVE-2023-6021 Source advisory: OSV:GHSA-3PWW-QVR8-6MHP...