Anyscale Ray
cpe:2.3:a:anyscale:ray:*:*:*:*:*:*:*
- 2.52.0
A vulnerability exists in Anyscale Ray version 2.52.0 due to an insecure default configuration that disables token-based authentication for management interfaces, including the dashboard and Jobs API. This vulnerability allows remote attackers with network access to these interfaces to submit jobs and execute arbitrary code on the Ray cluster. The issue arises because authentication is turned off by default, leaving the cluster exposed. Although the vendor plans to enable token authentication by default in a future release, users are currently advised to manually enable it to secure their clusters.
Exploitation of this vulnerability allows for remote code execution on the affected Ray cluster.
To reproduce this vulnerability, deploy Anyscale Ray version 2.52.0 without enabling token authentication. Once the cluster is running in this default state, a remote attacker with network access to the management interfaces can submit jobs that execute arbitrary code on the cluster.
To address this vulnerability, enable token authentication by setting the environment variable RAY_AUTH_MODE=token before starting the Ray cluster. For local development, this can be done in the shell or IDE. For remote clusters, generate a token and distribute it to all nodes, ensuring that the same token is used across the cluster and by any clients interacting with it.
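A preflight check for the mitigation above, written here as an added example (it is not from the advisory or the Ray project). Only `RAY_AUTH_MODE=token` comes from the page; the token file path, the expected fingerprint and the function names are assumptions supplied by the operator. Run it on every node before starting Ray to confirm the node uses token mode and holds the same token as the rest of the cluster.

```shell
#!/bin/sh
# Added example: per-node guard to run before starting the Ray cluster.
# RAY_AUTH_MODE=token is from the advisory. The token file location and the
# expected fingerprint are passed in by the operator (assumptions).
# Requires sha256sum (GNU coreutils).

token_fingerprint() {
    # SHA-256 of the token with whitespace stripped, so a trailing newline
    # on one node does not look like a different token. Comparing
    # fingerprints avoids printing the token itself into logs.
    tr -d ' \t\r\n' < "$1" | sha256sum | cut -d' ' -f1
}

ray_auth_preflight() {
    token_file=$1     # path to this node's copy of the token (assumed)
    expected_fp=$2    # fingerprint recorded when the token was generated

    if [ "${RAY_AUTH_MODE:-}" != "token" ]; then
        echo "FAIL: RAY_AUTH_MODE is '${RAY_AUTH_MODE:-unset}', expected 'token'" >&2
        return 1
    fi
    if [ ! -s "$token_file" ]; then
        echo "FAIL: token file missing or empty: $token_file" >&2
        return 2
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$token_file" | cut -c5-10)" != "------" ]; then
        echo "FAIL: token file is accessible to group/other: $token_file" >&2
        return 3
    fi
    if [ "$(token_fingerprint "$token_file")" != "$expected_fp" ]; then
        echo "FAIL: token on this node differs from the cluster-wide token" >&2
        return 4
    fi
    echo "OK: token authentication configured on $(hostname)"
}
```

Wire it into the node start-up script so that a non-zero return aborts the launch; the distinct return codes (1 to 4) identify which condition failed.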