Yesterday, several users and I got a CVE alert (https://www.cve.org/CVERecord?id=CVE-2024-10096) that there was an exploit allowing users with access to a Dask scheduler to run arbitrary code on that server using a backdoor with pickle.
Obviously, the creators of this CVE missed the easily accessible `client.run_on_scheduler(my_function)` API, which makes this much easier for a would-be hacker. Is this a backdoor? Maybe, but the front door is wide open inviting all to enter.
I did some research into the creator of the CVE, a project called "Protect AI" (Dask is often used in AI workloads). It looks like they acquired an AI bug bounty company, Huntr (https://protectai.com/newsroom/protect-ai-acquires-huntr), which reported the "bug" several months ago. Even though this was spam, Dask maintainers responded to the bug report saying ...
> This is the expected behavior and not a vulnerability, which is documented at https://distributed.dask.org/en/stable/limitations.html?highlight=host#security. Specifically "You should only host Dask workers within networks that you trust."

Huntr's response?

> A dask/dask maintainer has acknowledged this report

Followed by publishing the report as a CVE.
This thoughtless behavior both distracts OSS users and diminishes the seriousness of the CVE database. It's a shame seeing companies misuse public infrastructure like this. I guess they're using this to generate some internal revenue?