Unpatched Vulnerabilities Detected in Ray Open Source Framework for AI/ML

November 28, 2023

The Ray open source framework, used by organizations to scale artificial intelligence and machine learning workloads, has been found to have three unpatched vulnerabilities, potentially exposing users to attacks. These vulnerabilities could enable attackers to gain access to the operating system of all nodes in a Ray cluster, enable remote code execution, and escalate privileges.

The vulnerabilities were discovered by researchers from Bishop Fox, who reported them to Anyscale in August. According to Berenice Flores Garcia, a senior security consultant at Bishop Fox, "Their position is that the vulnerabilities are irrelevant because Ray is not intended for use outside of a strictly controlled network environment and claims to have this stated in their documentation."

Ray is used by many large organizations, including OpenAI, Spotify, Uber, Netflix, and Instacart, to build scalable AI and machine learning applications. It can also be used to distribute the execution of complex, infrastructure-intensive AI and ML workloads. Amazon's AWS has integrated Ray into many of its cloud services.

The vulnerabilities reported by Bishop Fox pertain to improper authentication and input validation in Ray Dashboard, Ray Client, and other components. These vulnerabilities, listed as CVE-2023-48023, CVE-2023-48022, and CVE-2023-6021, affect Ray versions 2.6.3 and 2.8.0. They could allow attackers to obtain any data, scripts, or files stored in a Ray cluster.

Garcia explained that the vulnerabilities are easy to exploit, requiring only remote access to the vulnerable component ports and some basic Python knowledge. She added, "The vulnerable components are very easy to find if the Ray Dashboard UI is exposed. This is the gate to exploit the three vulnerabilities included in the advisory."

Despite the warnings, Anyscale has not responded to the vulnerabilities. However, the company's documentation states that Ray is expected to run in a safe network environment and act upon trusted code. It emphasizes the need for network traffic between Ray components to occur in an isolated environment and for strict network controls and authentication mechanisms when accessing additional services.
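Because the exposure described above depends on Ray component ports being reachable, a host-level check of where those listeners are bound is a useful first audit. The following is an added example, not code from the article, Bishop Fox, or Anyscale; it assumes Ray's default ports (8265 for the dashboard, 10001 for Ray Client, 6379 for the GCS), which the article does not list, and runs on a constructed sample of Linux `ss -ltnH` output.

```python
import ipaddress

# Assumption: Ray default ports; adjust if your cluster overrides them.
RAY_PORTS = {8265: "Ray Dashboard", 10001: "Ray Client", 6379: "GCS"}

# Constructed sample of `ss -ltnH` output, not captured from a real host.
SAMPLE_SS = """\
LISTEN 0 128 127.0.0.1:8265 0.0.0.0:*
LISTEN 0 128 0.0.0.0:10001 0.0.0.0:*
LISTEN 0 128 [::]:6379 [::]:*
LISTEN 0 128 10.0.4.17:8265 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""

def split_addr(local):
    """Split 'host:port' or '[v6]:port' into (host, port)."""
    host, _, port = local.rpartition(":")
    return host.strip("[]"), int(port)

def classify(host):
    """Return the exposure level implied by a bind address."""
    if host in ("*", "0.0.0.0", "::"):
        return "all-interfaces"
    ip = ipaddress.ip_address(host.split("%")[0])  # drop any IPv6 zone id
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"

def audit(ss_output):
    """Return (component, local_address, exposure) for non-loopback Ray listeners."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, port = split_addr(fields[3])
        if port in RAY_PORTS:
            level = classify(host)
            if level != "loopback":
                findings.append((RAY_PORTS[port], fields[3], level))
    return findings

if __name__ == "__main__":
    for component, addr, level in audit(SAMPLE_SS):
        print(f"{component:14} {addr:18} bound to {level}")
```

A listener flagged as `all-interfaces` or `public` should be checked against firewall and security-group rules; `private` bindings still rely on the surrounding network being isolated as the documentation expects.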
