Google Cloud Platform Security Advisory

Published: 2024-04-02



Researchers discovered a vulnerability (CVE-2023-48022) in Ray. Ray is a third-party, open source tool for AI workloads. Because Ray does not require authentication, threat actors can achieve remote code execution through submitting jobs to publicly exposed instances. The vulnerability has been disputed by Anyscale, the developer of Ray. Ray maintains its functions are an intended, core product feature, and that security must instead be implemented outside of a Ray cluster, as any unintended network exposure of the Ray cluster could lead to compromise.

Based on the response, this CVE is disputed and may not show up in vulnerability scanners. Regardless, it is being actively exploited in the wild and users should configure their usage as suggested below.

What should I do?

Follow Ray best practices and guidelines, including running trusted code on trusted networks, in order to secure your Ray workloads. Deployment of ray.io in customer cloud instances falls under the model of shared responsibility.

Google Kubernetes Engine (GKE) security has published a blog on hardening Ray on GKE.

For further information on ways to add authentication and authorization to Ray services, consult the Identity-Aware Proxy (IAP) documentation. GKE users can implement IAP following this guidance or by repurposing Terraform modules linked in the blog.



Leave a Reply

Your email address will not be published. Required fields are marked *