A critical remote code execution vulnerability has been identified in Ray, an open-source artificial intelligence framework used by major players like Amazon and OpenAI. The flaw, known as ShadowRay and assigned CVE-2023-48022 with a high CVSS score of 9.8, is being actively exploited by malicious actors to steal sensitive data and run covert cryptocurrency mining operations, leaving numerous businesses at risk.
According to Oligo Security, the unpatched vulnerability has been actively exploited for the past seven months, targeting entities in sectors such as health, digital analytics, and academia that leverage machine-learning technologies. The security researchers at Oligo Security have labeled CVE-2023-48022 as a “dark risk,” signifying its stealthy nature that evades conventional scans but poses a significant threat of breaches and financial losses.
The flaw stems from inadequate authorization controls in Ray’s job submission API, which allow unauthorized individuals to manipulate workloads, access data, and perform other actions they should not be permitted to take. While Anyscale, the project behind Ray, acknowledged the issue, it initially considered the behavior a design choice aligned with the framework’s security boundaries. However, the job submission API still lacks authentication in versions 2.6.3 and 2.8.0, enabling remote code execution by malicious actors.
Authentication measures are planned for future releases, but for now the vulnerability persists, enabling cybercriminals to exploit the API and compromise organizations’ servers, leading to data leaks and potential ransomware attacks. The compromised servers have exposed sensitive information from prominent entities like OpenAI, Stripe, and Slack, including credentials and database access, with attackers gaining unauthorized access to cloud environments on AWS, Google, and Microsoft Azure.
In addition to data theft, attackers have used the compromised servers for illicit cryptocurrency mining, taking advantage of their powerful GPUs, which are costly and in high demand. This exploitation not only imposes a financial burden on victim organizations but also underscores the security risks of unsecured deployments running with elevated privileges.
Anyscale has taken steps to address the vulnerability, including developing scripts for users to verify their configurations and notifying customers of the issue. However, the ongoing exploitation of CVE-2023-48022 underscores the urgency for organizations to secure their deployments and mitigate the risks posed by this critical vulnerability.
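Because the job submission API has no authentication, the practical control is where the Ray dashboard that serves it is bound. The sketch below is an added example, not Anyscale's verification script: it audits `ray start` command lines for head nodes whose dashboard listens beyond loopback. The `--head`, `--dashboard-host` and `--dashboard-port` flags and the defaults 127.0.0.1 and 8265 come from Ray's CLI rather than from this article, and the sample command lines are constructed.

```python
import ipaddress
import shlex

DEFAULT_HOST, DEFAULT_PORT = "127.0.0.1", 8265  # Ray dashboard defaults (assumed, not from the article)

def dashboard_binding(args):
    """Return the (host, port) a `ray start` argument list binds the dashboard to."""
    host, port = DEFAULT_HOST, DEFAULT_PORT
    for i, arg in enumerate(args):
        name, sep, value = arg.partition("=")
        if not sep and i + 1 < len(args):
            value = args[i + 1]              # "--flag value" form
        if name == "--dashboard-host" and value:
            host = value
        elif name == "--dashboard-port" and value.isdigit():
            port = int(value)
    return host, port

def exposure(host):
    """Classify how widely the unauthenticated Jobs API is reachable for a bind address."""
    try:
        ip = ipaddress.ip_address("127.0.0.1" if host == "localhost" else host)
    except ValueError:
        return "unknown"                     # a hostname: resolve and review by hand
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:                    # 0.0.0.0 or ::, i.e. every interface
        return "all-interfaces"
    return "private-network" if ip.is_private else "public"

def audit(cmdlines):
    """Return (host, port, scope) for each head node not bound to loopback only."""
    findings = []
    for cmd in cmdlines:
        args = shlex.split(cmd)
        if "--head" not in args:
            continue                         # only the head node serves the dashboard
        host, port = dashboard_binding(args)
        if exposure(host) != "loopback":
            findings.append((host, port, exposure(host)))
    return findings

# Constructed sample command lines, not taken from any real deployment.
SAMPLE = [
    "ray start --head",
    "ray start --head --dashboard-host=0.0.0.0 --dashboard-port 9000",
    "ray start --head --dashboard-host 10.0.4.17",
    "ray start --address=10.0.4.17:6379",
]
```

A "private-network" finding still means any host on that network can submit jobs without credentials, so it calls for network-level restrictions rather than being treated as safe.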