November 28, 2023 at 09:06AM
Ray, an open source compute framework for AI, has a critical vulnerability that allows unauthorized access to all nodes, warns cybersecurity firm Bishop Fox. The bug, known as CVE-2023-48023, exists because Ray does not properly enforce authentication on its dashboard and client components. Attackers can exploit this vulnerability to submit or delete jobs without authentication, retrieve sensitive information, or execute arbitrary code. Bishop Fox also highlights other security vulnerabilities in Ray, including unpatched issues reported by Protect AI. The vendor has either dismissed these issues or chosen not to address them.
The meeting notes highlight a critical vulnerability in the Ray open-source compute framework for AI, which could result in unauthorized access to all nodes. Cybersecurity firm Bishop Fox warns that a bug identified as CVE-2023-48023 exists due to the lack of proper authentication on certain components of Ray, such as the dashboard and client. An attacker can exploit this vulnerability to submit or delete jobs without authentication, retrieve sensitive information, and execute arbitrary code. The exploit could potentially provide access to the operating system or attempt to retrieve Ray EC2 instance credentials. Ray’s default configuration does not enforce authentication, and although there is mention of optional mutual TLS authentication, it does not appear to support any authorization model. Bishop Fox reported two additional security issues to Ray’s maintainers, Protect AI, which involve unauthenticated remote code execution using Ray’s Python SDK and client API. There are also other critical vulnerabilities in Ray, including a server-side request forgery (SSRF) bug and an insecure input validation flaw. Some of these issues remain unpatched, as the vendor has not recognized them as security defects or chosen not to address them.