Researchers found numerous severe security vulnerabilities in the Ray compute framework that allow unauthorized access. Since the flaws remained unpatched until disclosure, the researchers warn users to refrain from using the service until relevant patches arrive.
Patch Awaited For Critical Ray Framework Vulnerabilities
In a recent post, cybersecurity firm Bishop Fox researchers elaborated on several vulnerabilities riddling the Ray framework.
Ray, as described, is an open-source unified compute framework that helps scale AI and Python workloads. The service facilitates businesses in developing and deploying large-scale AI models. It boasts many customers from different niches like Uber and Wildlife Studios.
Specifically, the platform exhibits three critical severity vulnerabilities affecting two of its components: Ray Dashboard and Ray Client. These vulnerabilities exist because the framework doesn’t adequately enforce authentication and input validation in these components. The three flaws include,
- CVE-2023-48023 (critical): a code execution flaw that existed due to a lack of authentication in the default ray configuration.
- CVE-2023-48022 (critical): an SSRF vulnerability in the Ray Dashboard API allowing code execution to a remote attacker.
- CVE-2023-6021 (critical): an insecure input validation in the Ray Dashboard’s /api/v0/logs/file API endpoint allowing code execution.
Regarding the impact of these vulnerabilities, the researchers explained that a remote adversary may access stored files and scripts in the Ray cluster. And, in the worst scenarios, the attacker may also steal IAM credentials from the Ray framework installed in AWS to gain elevated privileges.
This makes it possible for unauthorized users to obtain operating system access to all nodes in the Ray cluster or attempt to retrieve Ray EC2 instance credentials (in a typical AWS cloud install).
According to the researchers, the vulnerabilities affect Ray versions 2.6.3 and 2.8.0. Bishop Fox discovered and reported the vulnerabilities to Anyscale – Ray framework vendor – in August 2023. While the vendors acknowledged their bug report, the vulnerabilities remained unpatched until the time of writing this story, indicating that all Ray users are exposed to potential threats.
Therefore, to avoid the risks, the researchers advise users to avoid using the platform until the developers patch the flaw.
Let us know your thoughts in the comments.
