Lucene search
MitreCVE-2023-48023HistoryNov 28, 2023 - 8:15 a.m.
CVE-2023-48023
2023-11-2808:15:07
CWE-918
mitre
web.nvd.nist.gov
31
anyscale ray
ssrf
security vulnerability
nvd
cve-2023-48023
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
8.4
Confidence
High
EPSS
0.375
Percentile
97.3%
Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor’s position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment
Affected configurations
Node
anyscalerayMatch2.6.3
ORanyscalerayMatch2.8.0
Related
prion
prion
Code injection
2023-11-28 08:15:00
Authentication flaw
2023-11-16 17:15:00
Command injection
2023-11-16 17:15:00
nvd
nvd
nuclei
nuclei
Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery
2024-01-22 05:36:31
cvelist
cvelist
CVE-2023-48023
2023-11-28 00:00:00
CVE-2023-6019 Ray Command Injection in cpu_profile Parameter
2023-11-16 16:12:07
CVE-2023-6021 Ray Log File Local File Include
2023-11-16 16:11:42
github
github
Ray Missing Authorization vulnerability
2023-11-16 21:30:46
Ray Path Traversal vulnerability
2023-11-16 18:30:31
osv
osv
Ray Missing Authorization vulnerability
2023-11-16 21:30:46
Ray Path Traversal vulnerability
2023-11-16 18:30:31
thn
thn
cve
cve
CVE-2023-6021
2023-11-16 17:15:09
CVE-2023-6019
2023-11-16 17:15:08
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
8.4
Confidence
High
EPSS
0.375
Percentile
97.3%
Related for CVE-2023-48023