Lucene search

[email protected]NVD:CVE-2024-5710

HistoryJun 27, 2024 - 7:15 p.m.

CVE-2024-5710

2024-06-2719:15:15

CWE-284

[email protected]

web.nvd.nist.gov

berriai/litellm version 1.34.34

improper access control

team management

unauthorized actions

insufficient access control checks

vulnerability

endpoints

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

16.8%

JSON

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any member to or from any teams. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization.

Affected configurations

Nvd

Node

litellmlitellmMatch1.34.34

VendorProductVersionCPE
litellmlitellm1.34.34cpe:2.3:a:litellm:litellm:1.34.34:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
litellm	litellm	1.34.34	cpe:2.3:a:litellm:litellm:1.34.34:::::::*

References

huntr.com/bounties/70897f59-a966-4d93-b71e-745e3da91970

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

16.8%

JSON

Related for NVD:CVE-2024-5710

vulnrichment1 cve1 github1 osv1 cvelist1