The Latest in IT Security

Critical Vulnerability Found in Ray AI Framework 

28
Nov
2023
Critical Vulnerability Found in Ray AI Framework 

image credit: freepik

Tracked as CVE-2023-48023, the bug exists because Ray does not properly enforce authentication on at least two of its components, namely the dashboard and client.

A remote attacker can abuse this issue to submit or delete jobs without authentication. Furthermore, the attacker could retrieve sensitive information and execute arbitrary code, Bishop Fox says.

“The vulnerability could be exploited to obtain operating system access to all nodes in the Ray cluster or attempt to retrieve Ray EC2 instance credentials (in a typical AWS cloud install),” the cybersecurity firm notes.

Read More

Comments are closed.

Categories

SATURDAY, JUNE 15, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments