CVE-2023-48023 Scanner

CVE-2023-48023 Scanner - Server-Side Request Forgery vulnerability in Anyscale Ray

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 1 minute
Time Interval: 26 days 21 hours
Scan only one: URL
Toolbox: -

Anyscale Ray is a distributed computing framework designed to scale Python applications from a single laptop to a large number of machines. It is used by developers and data scientists for tasks like training machine learning models, processing large datasets, and deploying services. Ray facilitates parallel and distributed computing capabilities, making it suitable for AI applications. The Ray Dashboard, a part of this framework, provides insights and monitoring capabilities into these distributed instances. Organizations worldwide, especially those invested in AI and big data, integrate Ray into their infrastructure. Its accessibility and scalability make it a common choice for orchestrating modern cloud-native applications.

The Server-Side Request Forgery (SSRF) vulnerability affects the Ray Dashboard API through insufficient input validation. Attackers can use this flaw to make unauthorized requests from the system hosting the Ray Dashboard. Such vulnerabilities are critical as they may allow an attacker to access internal resources of the network that are otherwise protected. The SSRF vulnerability stems from how the URL parameter in the /log_proxy endpoint is handled. This could potentially compromise confidentiality, integrity, and availability by exposing sensitive data and internal services. Without proper checks, SSRF can be a gateway for further attacks on network security.

The identified vulnerability in Anyscale Ray resides in the /log_proxy API endpoint, specifically in the handling of the 'url' parameter. Due to insufficient input validation, the endpoint accepts arbitrary HTTP or HTTPS URLs in this parameter. As a result, malicious requests can be sent from the Dashboard host to internal systems without authentication. The Ray Dashboard is reachable by default on port 8265, so a network-connected attacker can exploit the flaw. Through this SSRF weakness, attackers could potentially obtain sensitive IAM credentials via the AWS metadata API, because internal requests can be crafted to reach privileged endpoints.
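The input validation that the 'url' parameter lacks can be sketched as follows. This is an added example, not code from the Ray project or from this scanner; the function name, the node addresses and the port are constructed assumptions for a deployment where the proxy should only ever reach known cluster nodes.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed values (assumptions): node addresses and the per-node log port
# that this deployment's proxy is expected to reach.
CLUSTER_NODES = {"10.0.1.11", "10.0.1.12"}
ALLOWED_PORTS = {52365}

def check_proxy_target(url, nodes=CLUSTER_NODES, ports=ALLOWED_PORTS):
    """Return (allowed, reason) for a caller-supplied proxy target URL."""
    try:
        parts = urlsplit(url)
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ("http", "https"):
        return False, "scheme not http/https"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL"
    if not parts.hostname:
        return False, "missing host"
    try:
        ip = ipaddress.ip_address(parts.hostname)
    except ValueError:
        # Names are refused outright, so DNS answers cannot steer the request.
        return False, "host is not an IP literal"
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped          # judge ::ffff:a.b.c.d by its IPv4 form
    if ip.is_link_local or ip.is_loopback or ip.is_unspecified:
        return False, "reserved address range"
    if str(ip) not in nodes:
        return False, "not a known cluster node"
    if port not in ports:
        return False, "port not allowed"
    return True, "ok"

if __name__ == "__main__":
    # Constructed inputs: one legitimate node log URL, one link-local target.
    for sample in ("http://10.0.1.11:52365/logs/raylet.out",
                   "http://169.254.169.254/"):
        print(sample, check_proxy_target(sample))
```

A check like this only holds if the HTTP client that performs the proxied request does not follow redirects, since a redirect response would move the request to a target that was never validated.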

Exploiting this SSRF vulnerability could have a serious impact by allowing unauthorized access to sensitive internal resources. Attackers might retrieve privileged credentials, potentially leading to further exploitation of the host or to unauthorized data commands being processed. Confidentiality breaches could follow if attackers gain access to sensitive information stored or processed by affected systems. Integrity could be compromised through malicious requests that alter data or the system's operation. Finally, while direct availability issues may not occur, system reliability and trust could be severely affected if the host is used to conduct further unauthorized actions within the network.
