184,000 Ray AI dashboards exposed online with no authentication required

1 | Author: hacker_might | 6 months ago
While digging into a known Ray Dashboard vulnerability, I discovered something alarming—over 184,000 Ray dashboards are publicly accessible without any login or access control. These dashboards allow anyone to remotely run code, steal secrets, or hijack AI infrastructure.

I detail the exposure, how attackers could abuse it, and what teams can do to secure their setups. This goes far beyond misconfiguration—it's a systemic oversight in how AI infra is deployed.

Would love to hear your thoughts or see if others have found similar cases.

Original article: https://medium.com/@hacker_might/no-auth-no-problem-how-184-000-exposed-ray-dashboards-are-putting-ai-infrastructure-at-risk-fe737116afa8