CVE-2023-48023
Homebrew vulnerability analysis and mitigation

Overview

Anyscale Ray versions 2.6.3 and 2.8.0 contain a Server-Side Request Forgery (SSRF) vulnerability in the /log_proxy API endpoint. The vulnerability was discovered and reported by Bishop Fox, but is currently marked as disputed. The vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment (Bishop Fox Blog, Ray Security Docs).

Technical details

The vulnerability exists in the url parameter of the /log_proxy API endpoint of the Ray Dashboard API. The API does not perform sufficient input validation on the affected parameter: any HTTP or HTTPS URL is accepted as valid. The issue is exploitable without authentication and only requires network connectivity to the Ray Dashboard port (8265 by default). The vulnerability has been assigned a CVSS v3.1 base score of 9.1 CRITICAL with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (Bishop Fox Blog).

Impact

If exploited, the vulnerability could allow attackers to proxy any HTTP or HTTPS request through the API. In a typical cloud installation, attackers could potentially retrieve highly privileged IAM credentials required by Ray from the AWS metadata API. This could lead to unauthorized access to sensitive data and potential privilege escalation in cloud environments (Bishop Fox Blog).
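The two sections above describe a missing check (the url parameter of /log_proxy is accepted without validation) and its consequence (the dashboard fetches whatever URL it is handed, including the cloud metadata address). The following is an added example, not Ray's code and not part of this report: it shows the allowlist validation such an endpoint needs, and a triage routine that surfaces suspicious /log_proxy requests from dashboard access logs. The endpoint name, the url parameter and the 169.254.169.254 metadata address come from the advisory; the cluster node list, the log-agent port 52365, the trusted client range and the log lines are constructed, and the log format is assumed to be the common "combined" format (Ray's real log format is not shown on the page).

```python
"""Allowlist validation for a log-proxy ``url`` parameter, and log triage for its abuse.

Added example, not Ray's code and not from the Wiz report. CLUSTER_NODES,
ALLOWED_PORTS, TRUSTED_CLIENTS and SAMPLE_LOG are constructed values.
"""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

CLUSTER_NODES = {"10.0.1.10", "10.0.1.11", "10.0.1.12"}   # constructed: nodes the dashboard knows
ALLOWED_PORTS = {52365}                                    # constructed: log-agent port on each node
TRUSTED_CLIENTS = ipaddress.ip_network("10.0.0.0/16")      # constructed: where dashboard users come from


def proxy_target_problems(url):
    """Reasons a proxied URL must not be fetched; an empty list means a normal cluster log fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return [f"scheme not allowed: {parts.scheme!r}"]
    if parts.username is not None or parts.password is not None:
        return ["userinfo in URL (host confusion)"]
    host = parts.hostname
    if host is None:
        return ["no host"]
    try:                               # literal IPs only: no DNS lookup the caller can steer
        addr = ipaddress.ip_address(host)
    except ValueError:
        return [f"hostname instead of node IP: {host}"]
    problems = []
    if addr.is_link_local or addr.is_loopback or addr.is_unspecified:
        problems.append(f"link-local/loopback/unspecified target: {addr}")
    if str(addr) not in CLUSTER_NODES:
        problems.append(f"not a cluster node: {addr}")
    try:
        port = parts.port              # ValueError on a non-numeric or out-of-range port
    except ValueError:
        return problems + ["malformed port"]
    if port not in ALLOWED_PORTS:
        problems.append(f"port not allowed: {port}")
    return problems


def validate_log_proxy_url(url):
    """The check the endpoint lacks: return the URL if it passes, raise ValueError otherwise."""
    problems = proxy_target_problems(url)
    if problems:
        raise ValueError("; ".join(problems))
    return url


# Detection side: surface /log_proxy requests worth a look in an access log.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample lines: one legitimate fetch, one metadata fetch from outside,
# one fetch of a non-cluster host, one unrelated request.
SAMPLE_LOG = """\
10.0.1.5 - - [10/Dec/2025:10:00:01 +0000] "GET /log_proxy?url=http%3A%2F%2F10.0.1.11%3A52365%2Flogs%3Ffilename%3Draylet.out HTTP/1.1" 200 5120
203.0.113.7 - - [10/Dec/2025:10:00:02 +0000] "GET /log_proxy?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 812
10.0.1.5 - - [10/Dec/2025:10:00:03 +0000] "GET /log_proxy?url=http%3A%2F%2F203.0.113.50%3A8080%2F HTTP/1.1" 502 0
10.0.1.5 - - [10/Dec/2025:10:00:04 +0000] "GET /api/cluster_status HTTP/1.1" 200 300
"""


def triage_line(line):
    """Return a finding dict for a /log_proxy request, None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    req = urlsplit(m.group("target"))
    if req.path != "/log_proxy":
        return None
    src = ipaddress.ip_address(m.group("src"))
    reasons = [] if src in TRUSTED_CLIENTS else [f"client outside trusted network: {src}"]
    proxied = parse_qs(req.query).get("url", [])   # parse_qs also percent-decodes the value
    for u in proxied:
        reasons.extend(proxy_target_problems(u))
    return {"src": str(src), "status": m.group("status"), "proxied": proxied, "reasons": reasons}


def triage(log_text):
    """Only the /log_proxy requests that have at least one reason to be reviewed."""
    return [r for r in map(triage_line, log_text.splitlines()) if r and r["reasons"]]


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec["src"], rec["status"], rec["proxied"], "->", "; ".join(rec["reasons"]))
```

The validator deliberately refuses hostnames: a log proxy only ever needs to reach node addresses the dashboard already knows, and accepting names would hand the caller control over a DNS resolution. On the detection side, a 200 response to a link-local target is the line to escalate; a 502 to an outside host still shows someone probing the endpoint.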

Mitigation and workarounds

Ray maintainers recommend running Ray within a secured, trusted environment and adding firewall rules or security groups to prevent unauthorized access. If the Ray Dashboard needs to be accessible, implement a proxy that adds an authorization layer to the Ray API when exposing it over the network. Users should avoid binding on 0.0.0.0 and instead use an IP of an explicit network interface within a trusted private VPC/VPN (Ray Security Docs).
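A small audit of the bind-address advice above, as an added example that is not Ray's code and not part of this report. It assumes the address the dashboard is told to bind (for instance the value given to ray start's --dashboard-host option) and a constructed list of the host's interface addresses, and answers one question: does that choice expose the dashboard beyond a private VPC? "Private" is taken to mean the RFC 1918 and IPv6 ULA ranges, which is narrower than what Python's ipaddress.is_private reports.

```python
"""Classify a Ray Dashboard bind address against the 'no 0.0.0.0, explicit private interface' advice.

Added example, not Ray's code. INTERFACES is a constructed view of the host.
"""
import ipaddress

# What "inside a trusted private VPC" means here: RFC 1918 plus IPv6 unique local addresses.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed: addresses carried by this host's interfaces (what `ip addr` would list).
INTERFACES = {"lo": "127.0.0.1", "eth0": "10.0.1.10", "eth1": "198.51.100.23"}

ADVICE = {
    "all-interfaces": "listens on every interface, public ones included; bind an explicit private interface address instead",
    "public": "bound to a public interface address; reachable from outside the VPC unless a firewall or security group blocks it",
    "not-local": "address is not configured on this host; the dashboard would fail to bind",
    "loopback": "only reachable from this host; fine for single-node use",
    "private": "bound to a private interface address; acceptable when the VPC itself is the trust boundary",
}


def bind_exposure(bind_host, interfaces=INTERFACES):
    """One of: all-interfaces, loopback, not-local, private, public."""
    addr = ipaddress.ip_address(bind_host)
    if addr.is_unspecified:            # 0.0.0.0 or ::
        return "all-interfaces"
    if addr.is_loopback:
        return "loopback"
    if str(addr) not in interfaces.values():
        return "not-local"
    # An IPv4 address is never "in" an IPv6 network; the membership test returns False, not an error.
    return "private" if any(addr in net for net in PRIVATE_NETS) else "public"


def audit_dashboard_bind(bind_host, interfaces=INTERFACES):
    """Return (verdict, one-line advice) for the configured bind address."""
    verdict = bind_exposure(bind_host, interfaces)
    return verdict, ADVICE[verdict]


if __name__ == "__main__":
    for host in ("0.0.0.0", "::", "10.0.1.10", "198.51.100.23", "127.0.0.1", "192.168.5.5"):
        verdict, advice = audit_dashboard_bind(host)
        print(f"{host:16} {verdict:15} {advice}")
```

The verdict is only about the bind address; a "private" result still assumes the security-group or firewall rules the maintainers recommend are in place, since a private address is reachable by every peer on the same network.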

Community reactions

The security community has expressed concern about this vulnerability being marked as disputed despite active exploitation in the wild. Oligo Security researchers have dubbed this vulnerability 'ShadowRay,' marking it as the first known instance of AI workloads being actively exploited through vulnerabilities in modern AI infrastructure (Oligo Security).

Additional resources

Source: This report was generated using AI.

Related Homebrew vulnerabilities:

CVE ID          Severity  Score  Technologies  Component name             CISA KEV exploit  Has fix  Published date
CVE-2025-14330  CRITICAL  9.8    NixOS         cpe:2.3:a:mozilla:firefox  No                Yes      Dec 09, 2025
CVE-2025-14329  HIGH      8.8    NixOS         firefox-x11                No                Yes      Dec 09, 2025
CVE-2025-14333  HIGH      8.1    NixOS         firefox-x11                No                Yes      Dec 09, 2025
CVE-2025-14332  HIGH      7.3    NixOS         cpe:2.3:a:mozilla:firefox  No                Yes      Dec 09, 2025
CVE-2025-14331  MEDIUM    6.5    NixOS         firefox                    No                Yes      Dec 09, 2025
