Skip to content
Join Censys for a Threat Hunting Workshop & Happy Hour! | April 17 at City Winery in Philadelphia | Register Now

March 28, 2024: Anyscale Ray Dashboard RCE vulnerability via API CVE-2023-48022

Global Impact (at time of dissemination)

• 315 hosts affected globally
• 77% of globally affected hosts with an exposed login page
• Three globally affected hosts with exposed file directories

Top affected countries:
1. Netherlands
2. Afghanistan
3. US
4. China
5. Belgium


Censys is aware that on November 28, 2023 a remote code execution (RCE) vulnerability via the job submission API for Anyscale’s Ray AI framework was published. At that time, “CVE-2023-48022 was not initially considered a serious risk and was not promptly fixed” (The Record). The NVD states “the vendor’s position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment.” The vulnerability has since been updated and has contributed to thousands of compromises of exposed Ray servers, according to Oligo Security.


According to The Record, “[t]his flaw allows attackers to take control of companies’ computing power and leak sensitive data….

For example, some of the credentials required to access a database were exposed, allowing attackers to silently download complete databases. On some machines, attackers could modify the database or encrypt it with ransomware.

Other leaked information reportedly included password hashes, Stripe tokens that attackers could use to drain payment accounts by signing their transactions on the live platform, and Slack tokens that could allow attackers to read an impacted organization’s Slack messages or send arbitrary messages to certain channels on the platform.”

Due to the sensitive nature of the many data points AI may leverage to compute output, access to such a wide-reaching framework could be significant.

Affected Assets

According to the NVD, this issue affects Anyscale Ray 2.6.3 and 2.8.0.
Censys’ Rapid Response Team was able to identify exposed Ray Dashboards. Versions were not available to determine publicly due to the nature of the asset. Below are queries for exposed Anyscale Ray Dashboards that are publicly facing and recently observed from our scans. Owners of these assets will need to conduct further analysis to determine versions & ensure their Ray clusters are secured within a controlled network environment.

Censys ASM Risk Name
“Exposed Anyscale Ray Dashboard”
Censys ASM customers will see this risk applied to affected assets in their workspaces. Those that have signed up for Rapid Response Automated Risk Alerting will be contacted directly regarding affected assets.

Censys ASM Query This query is shared for customers who wish to refine or alter versioning for customized operations.

Censys Search Queries are shared directly with Censys customers. If you would like to obtain the Censys query to identify global instances related to this issue, or need help, please contact us.

Recommendations for remediation

from Anyscale are inconclusive regarding their Ray Dashboards as they are contesting that most of the issues regarding these assets are not actually vulnerabilities. They do, however, mention that “bugs” in CVEs -2023-6019, 6020, 6021, and 48023 are a part of Ray version 2.8.1. Asset owners should upgrade to the most recent version of Ray. The final CVE-2023-48022 will not be addressed at this time, as per Anyscale’s announcement.

If you need assistance in positively identifying these assets, please let us know.

Attack Surface Management Solutions
Learn more