by @jakaba
01 Apr 2024

The story of ShadowRay (CVE-2023-48022)

CVEs

9.8 Critical Severity

Apps

Ray (Anyscale)
1.12.1.*
1.13.0.*
1.11.0.*
1.12.0.*
0.8.7.*
0.6.5.*
0.7.6.*
1.13.1.*
1.10.0.*
0.8.6.*

Summary

CVE-2023-48022 is a critical flaw in the Ray framework: the Jobs API can be accessed without authentication. Remote attackers can use it to execute arbitrary code, which can lead to data breaches, unauthorized data access, and the commandeering of the underlying computing resources for malicious activities such as cryptocurrency mining.
