Two-Year-Old Ray AI Framework Flaw Exploited in Ongoing Campaign

Threat actors are exploiting a two-year-old vulnerability in the Ray AI framework in a fresh campaign that hit numerous clusters, Oligo reports.

Maintained by Anyscale, Ray is an open source framework for scaling Python-based AI and ML applications. Ray clusters can be deployed into the cloud to scale workloads, and should be secured and isolated in safe network environments, as the framework does not implement authentication.

The issue, tracked as CVE-2023-48022 (CVSS score of 9.8), allows remote, unauthenticated attackers to execute arbitrary code via the framework’s Jobs API.

Anyscale disputed the bug, pointing out that Ray’s documentation clearly states that clusters should not be used outside controlled network environments, but said last year it would implement login and authentication mechanisms in a future release.

However, it wasn’t until Oligo discovered that hundreds of Ray clusters had been compromised in a data-theft campaign dubbed ShadowRay that the ...