Vulnerabilities > CVE-2023-6020 - Missing Authorization vulnerability in RAY Project RAY

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
ray-project
CWE-862

Summary

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.

Vulnerable Configurations

Part Description Count
Application
Ray_Project
1

Common Weakness Enumeration (CWE)