Security News > 2024 > March > Hackers exploit Ray framework flaw to breach servers, hijack resources
Ray is an open-source framework developed by Anyscale that is used to scale AI and Python applications across a cluster of machines for distributed computational workloads.
In November 2023, Anyscale disclosed five Ray vulnerabilities, fixing four tracked as CVE-2023-6019, CVE-2023-6020, CVE-2023-6021, and CVE-2023-48023.
"The remaining CVE - that Ray does not have authentication built in - is a long-standing design decision based on how Ray's security boundaries are drawn and consistent with Ray deployment best practices, though we intend to offer authentication in a future version as part of a defense-in-depth strategy," reads the AnyScale security advisory.
Specifically, Anyscale stated that the flaw is exploitable only in deployments that violated the recommendations in the project's documentation to limit Ray's use in a strictly controlled network environment.
Following these discoveries, Oligo says they alerted many companies that were breached using the Ray bug and provided assistance with remediation.
To secure Ray deployments, it's crucial to operate within a secured environment by enforcing firewall rules, adding authorization to the Ray Dashboard port, and continuously monitoring for anomalies.
News URL
Related news
- Hackers exploit ProjectSend flaw to backdoor exposed servers (source)
- Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- BT unit took servers offline after Black Basta ransomware breach (source)
- Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor (source)
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
- New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-28 | CVE-2023-48023 | Server-Side Request Forgery (SSRF) vulnerability in Anyscale RAY 2.6.3/2.8.0 Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. | 9.1 |
| 2023-11-16 | CVE-2023-6020 | Unspecified vulnerability in RAY Project RAY LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. | 7.5 |
| 2023-11-16 | CVE-2023-6021 | Path Traversal vulnerability in RAY Project RAY LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. | 7.5 |
| 2023-11-16 | CVE-2023-6019 | Unspecified vulnerability in RAY Project RAY A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. | 9.8 |