Letao Jiang

**Name of the Vulnerable Software and Affected Versions** ray versions prior to 2.43.0 **Description** The issue concerns the insertion of sensitive information into log files, specifically the redis password being logged in standard logging. This occurs when the redis password is passed as an argument. The password could potentially leak if logs are accessible to an attacker. This is only exploitable if logging is enabled, Redis uses password authentication, and the logs are reachable by an attacker. **Recommendations** For versions prior to 2.43.0, update to the latest version of Ray and then rotate the redis password. As a temporary workaround, consider disabling logging or restricting access to logs to minimize the risk of exploitation.