CVE-2025-1979 in ray

Summary

by MITRE • 06/03/2025

Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File: the Redis password is written to the standard log output. If the Redis password is passed as an argument, it is logged and could leak.

This is only exploitable if:

1) Logging is enabled;

2) Redis is using password authentication;

3) Those logs are accessible to an attacker, who can reach that redis instance.

**Note:**

It is recommended that anyone running in this configuration update to the latest version of Ray, then rotate their Redis password.
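Before rotating, it helps to know which retained logs already contain the password. The following is an added example, not code from Ray or from this advisory: it redacts the secret from log lines and reports where it was found. The match patterns (the `--redis-password` flag and a `redis_password` key) and the sample log lines are assumptions constructed for illustration; Ray's actual log layout may differ.

```python
import hashlib
import hmac
import os
import re

# Assumed shapes of the leak (Ray's real log layout may differ): the CLI flag
# --redis-password / --redis_password, or a redis_password key/value pair.
LEAK_RE = re.compile(
    r"""(?P<prefix>--redis[-_]password(?:=|\s+)    # flag, "=" or space separated
          |['"]?redis_password['"]?\s*[=:]\s*)     # key=value or 'key': value
        (?P<quote>['"]?)(?P<secret>[^\s'",)\]}]+)(?P=quote)""",
    re.VERBOSE,
)

# Per-run random key: fingerprints group identical secrets within one report
# but cannot be brute-forced offline the way a bare hash of a password can.
RUN_KEY = os.urandom(16)

def fingerprint(secret: str) -> str:
    return hmac.new(RUN_KEY, secret.encode(), hashlib.sha256).hexdigest()[:12]

def scrub(lines):
    """Return (redacted_lines, findings); findings are (line_no, fingerprint)."""
    redacted, findings = [], []
    for no, line in enumerate(lines, 1):
        def repl(m, no=no):
            findings.append((no, fingerprint(m.group("secret"))))
            q = m.group("quote")
            return f"{m.group('prefix')}{q}<REDACTED>{q}"
        redacted.append(LEAK_RE.sub(repl, line))
    return redacted, findings

# Constructed sample lines, not real Ray output.
SAMPLE_LOG = [
    "INFO starting worker: --redis-password=S3cr3t-A --port=6379",
    'DEBUG cmd: ray start --head --redis-password "S3cr3t-B"',
    "INFO config {'redis_password': 'S3cr3t-A', 'port': 6379}",
    "INFO redis_password is required when auth is on",
]

if __name__ == "__main__":
    clean, hits = scrub(SAMPLE_LOG)
    print("\n".join(clean))
    # Each distinct fingerprint is one password that needs rotating.
    print(f"{len(hits)} leaks, {len({fp for _, fp in hits})} distinct secrets")
```

The fourth sample line mentions the setting without a value and is left untouched, which keeps the report free of false hits on ordinary messages.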


Responsible

Snyk

Reserved

05/03/2025

Disclosure

06/03/2025

Moderation

accepted

Entry

VDB-298739

CPE

ready

EPSS

0.00060

KEV

no

Activities

very low
