The Ray framework, an open source tool for scaling AI and Python workloads, is vulnerable to a half-dozen flaws that could allow hackers to hijack the devices and steal sensitive data.
This is what cybersecurity researchers from Oligo say, who published their findings on a new hacking campaign they called “ShadowRay.”
Apparently active since early September 2023, ShadowRay’s operators exploited five different Ray vulnerabilities to target companies in education, cryptocurrency, biopharma, and other industries.
“Shadow Vulnerability”
Four of the vulnerabilities are being tracked because CVE-2023-6019, CVE-2023-6020, CVE-2023-6021, and CVE-2023-48023, and Anyscale, Ray’s developer, has fixed them. The fifth flaw, which researchers considered a critical remote code execution (RCE) flaw and tracked as CVE-2023-48022, was not fixed.
Anyscale states that this was not a bug, but a feature: “The remaining CVE (CVE-2023-48022) – in which Ray has not built in authentication – is a long-standing design decision based on how Ray’s security boundaries are drawn and consistent with best practices for Ray implementation, although we plan to offer authentication in a future version as part of a defense-in-depth strategy,” the report said.
According to the developers, this RCE flaw can only be exploited in implementations that conflict with Anyscale’s recommendations and that do not limit the use of Ray to a strictly controlled network environment.
Oligo, on the other hand, says that by disputing the CVE, Anyscale is leaving many developers in the dark about the potential holes. “We have observed examples of CVE-2023-48022 being actively exploited in the wild, making the disputed CVE a ‘shadow vulnerability’ – a CVE that does not appear in static scans, but can still lead to breaches and significant losses.”
The researchers said they observed “hundreds” of publicly exposed Ray servers affected by this vulnerability. As a result, threat actors stole sensitive data such as AI models, production database credentials, and more. In some cases they even installed crypto miners.
Through BleepingComputer