Vulnerabilities > CVE-2023-48023 - Server-Side Request Forgery (SSRF) vulnerability in Anyscale RAY 2.6.3/2.8.0

047910
CVSS 9.1 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
anyscale
CWE-918
critical

Summary

Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment

Vulnerable Configurations

Part Description Count
Application
Anyscale
2

Common Weakness Enumeration (CWE)