Ray framework flaw exploited for hackers to breach servers


The Ray framework, an open source tool for AI and Python workload scaling, is vulnerable to half a dozen flaws that allow hackers to hijack the devices and steal sensitive data.

This is according to cybersecurity researchers from Oligo, who published their findings on a new hacking campaign they dubbed “ShadowRay”.

Apparently active since early September 2023, ShadowRay’s operators abused five distinct Ray vulnerabilities to target firms in education, cryptocurrency, biopharma, and other verticals.

"Shadow vulnerability"

Four of the vulnerabilities are tracked as CVE-2023-6019, CVE-2023-6020, CVE-2023-6021, and CVE-2023-48023, and Anyscale, Ray’s developer, fixed them. The fifth one, deemed a critical remote code execution (RCE) flaw by researchers, and tracked as CVE-2023-48022, was not fixed.

Anyscale argues that this was not a bug, but a feature: "The remaining CVE (CVE-2023-48022) - that Ray does not have authentication built in - is a long-standing design decision based on how Ray's security boundaries are drawn and consistent with Ray deployment best practices, though we intend to offer authentication in a future version as part of a defense-in-depth strategy," it said.

As per the developers, this RCE flaw can only be abused in deployments that go against Anyscale’s recommendations and don’t limit Ray’s use to a strictly controlled network environment.
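Because Ray ships without authentication, the practical defender check is whether its services are reachable from anything but a controlled network. The following audit script is an added example, not code from the article, Oligo or the Ray project; it parses `ss -ltnp` output (a constructed sample is embedded) and flags Ray ports bound to non-loopback addresses. The port numbers (8265 for the dashboard/Jobs API, 6379 for GCS) are Ray defaults assumed here, not values stated in the article.

```python
import ipaddress
import re

# Ray default ports: assumption (not from the article). Adjust to your deployment.
RAY_PORTS = {8265: "dashboard/jobs API", 6379: "GCS"}

# Constructed sample in `ss -ltnp` format; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    127.0.0.1:8265     0.0.0.0:*         users:(("python",pid=4242,fd=12))
LISTEN 0      128    0.0.0.0:8265       0.0.0.0:*         users:(("python",pid=4243,fd=12))
LISTEN 0      128    [::]:8265          [::]:*            users:(("python",pid=4244,fd=12))
LISTEN 0      128    10.0.3.7:6379      0.0.0.0:*         users:(("gcs_server",pid=4245,fd=9))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=900,fd=3))
"""

# State Recv-Q Send-Q Local:Port Peer:Port [Process]
LISTEN_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+)\s+\S+\s*(.*)$")


def classify_bind(addr: str) -> str:
    """Classify a bind address by who can reach it."""
    if addr == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:          # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"


def find_exposed_ray_listeners(ss_output: str, ports=RAY_PORTS):
    """Return (addr, port, role, reach, process) for Ray ports not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue
        local, process = m.groups()
        addr, _, port = local.rpartition(":")   # handles "[::]:8265" and "0.0.0.0:8265"
        port = int(port)
        if port not in ports:
            continue
        reach = classify_bind(addr.strip("[]"))
        if reach != "loopback":
            findings.append((addr.strip("[]"), port, ports[port], reach, process))
    return findings


if __name__ == "__main__":
    for addr, port, role, reach, proc in find_exposed_ray_listeners(SAMPLE_SS_OUTPUT):
        print(f"{reach:<14} {addr}:{port} ({role}) {proc}")
```

On a live host, feed it the real output (`ss -ltnp`) and treat any "all-interfaces" or "public" hit on a Ray port as an exposure to close with a firewall rule or a loopback-only bind before anything else.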

Oligo, on the other hand, says that by disputing the CVE, Anyscale is leaving many developers in the dark on the potential holes. "We have observed instances of CVE-2023-48022 being actively exploited in the wild, making the disputed CVE a 'shadow vulnerability'—a CVE that doesn't show up in static scans but can still lead to breaches and significant losses."

The researchers said they observed “hundreds” of publicly exposed Ray servers compromised via this vulnerability. As a result, threat actors were stealing sensitive data such as AI models and production database credentials, among other things. In some instances they were even installing cryptominers.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
