Cyber Resilience

CVE-2023-48022

Severity: Critical · Public PoC available

Published: 28 November 2023
Modified: 17 December 2025
KEV Added: not listed
Patch: not recorded
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9219 (99.7th percentile)
Risk Priority: 75 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-48022 is a critical-severity SSRF (CWE-918) vulnerability in Anyscale Ray. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2023-48022 is a remote code execution vulnerability affecting the job submission API in Anyscale Ray versions 2.6.3 and 2.8.0. The flaw, classified under CWE-918, permits unauthenticated network attackers to submit jobs that result in arbitrary code execution on the Ray cluster, producing a CVSS 3.1 base score of 9.8.

An attacker with network access to an exposed Ray instance can invoke the job submission endpoint to run attacker-controlled code, achieving full control over the affected cluster without requiring credentials or user interaction.

Vendor documentation states that Ray is designed only for strictly controlled network environments and notes that releases 2.52.0 and later allow customers to enable token authentication as an optional control; the provided references include Ray security guidance and details on the ShadowRay exploitation technique.

The vulnerability carries an EPSS score that has reached 0.92, and the referenced materials link it to AI/ML attack studies in the MITRE ATLAS framework, reflecting its relevance to distributed machine-learning workloads.

EU & UK References

Vulnerability details

Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment. (Also, within that environment, customers at version 2.52.0 and later can choose to use token authentication.)

CWE(s)

CWE-918 (Server-Side Request Forgery)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: anyscale
Product: ray
Versions: 2.6.3, 2.8.0

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Penetration testing attempts server-side requests to internal resources, identifying SSRF weaknesses for remediation. (addresses: CWE-918)
- Outbound connections to external resources can be monitored and limited at the boundary, reducing SSRF impact. (addresses: CWE-918)
- Validates server-side URLs and resource references to block SSRF attempts. (addresses: CWE-918)
- Detects server-side request forgery through monitoring of unexpected outbound connections. (addresses: CWE-918)

References