CVE-2023-48022

CRITICAL EXPLOITED NUCLEI

Anyscale Ray - SSRF

Title source: rule

Description

Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment. (Also, within that environment, customers at version 2.52.0 and later can choose to use token authentication.)

Exploits (3)

nomisec WORKING POC 6 stars
by jakabakos · remote
https://github.com/jakabakos/ShadowRay-RCE-PoC-CVE-2023-48022
nomisec WORKING POC 2 stars
by 0x656565 · remote
https://github.com/0x656565/CVE-2023-48022
metasploit WORKING POC EXCELLENT
by sierrabearchell, byt3bl33d3r <[email protected]>, Takahiro Yokoyama · rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ray_agent_job_rce.rb

Nuclei Templates (1)

Anyscale Ray - Remote Code Execution
CRITICALVERIFIEDby riteshs4hu
Shodan: http.favicon.hash:463802404 || http.html:"ray dashboard"
FOFA: icon_hash=463802404 || body="ray dashboard"

References (6)

Scores

CVSS v3 9.8
EPSS 0.9219
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-03-26
CWE
CWE-918
Status published
Products (3)
anyscale/ray 2.6.3
anyscale/ray 2.8.0
pypi/ray 0PyPI
Published Nov 28, 2023
Tracked Since Feb 18, 2026