CVE-2024-5710

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any member to or from any teams. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization.
References
Link Resource
https://huntr.com/bounties/70897f59-a966-4d93-b71e-745e3da91970 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:litellm:litellm:1.34.34:*:*:*:*:*:*:*

History

20 Sep 2024, 18:04

Type Values Removed Values Added
CWE NVD-CWE-noinfo
References () https://huntr.com/bounties/70897f59-a966-4d93-b71e-745e3da91970 - () https://huntr.com/bounties/70897f59-a966-4d93-b71e-745e3da91970 - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : 5.3
v2 : unknown
v3 : 6.5
First Time Litellm litellm
Litellm
CPE cpe:2.3:a:litellm:litellm:1.34.34:*:*:*:*:*:*:*

01 Jul 2024, 10:15

Type Values Removed Values Added
Summary
  • (es) berriai/litellm versión 1.34.34 es vulnerable a un control de acceso inadecuado en su funcionalidad de gestión de equipos. Esta vulnerabilidad permite a los atacantes realizar acciones no autorizadas, como crear, actualizar, ver, eliminar, bloquear y desbloquear cualquier equipo, así como agregar o eliminar cualquier miembro de cualquier equipo. La vulnerabilidad se debe a controles de acceso insuficientes en varios endpoints de administración de equipos, lo que permite a los atacantes explotar estas funcionalidades sin la autorización adecuada.

27 Jun 2024, 19:25

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-27 19:15

Updated : 2024-09-20 18:04


NVD link : CVE-2024-5710

Mitre link : CVE-2024-5710

CVE.ORG link : CVE-2024-5710


JSON object : View

Products Affected

litellm

  • litellm
CWE
NVD-CWE-noinfo CWE-284

Improper Access Control