Vulnerabilities > CVE-2023-6020 - Missing Authorization vulnerability in RAY Project RAY

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
ray-project
CWE-862
NVD
Published: 2023-11-16
Updated: 2024-02-08

Summary

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.

Vulnerable Configurations

Part Description Count
Application
Ray_Project
1

Common Weakness Enumeration (CWE)

Related news

References