Back

CVE-2024-5710

June 27, 2024, 7:25 p.m.

Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

Products

berriai/litellm

  • 1.34.34

Source

security@huntr.dev

Tags

CWE-284
security@huntr.dev
2024-06-27
CVE-2024-5710

CVE-2024-5710 details

Published : June 27, 2024, 7:15 p.m.
Last Modified : June 27, 2024, 7:25 p.m.

Description

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any member to or from any teams. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization.

CVSS Score

1 2 3 4 5.3 6 7 8 9 10

Weakness

Weakness Name Description
CWE-284 Improper Access Control The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVSS Data

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

5.3

Exploitability Score

1.6

Impact Score

3.6

Base Severity

MEDIUM

Vector String : CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

References

URL Source
https://huntr.com/bounties/70897f59-a966-4d93-b71e-745e3da91970 security@huntr.dev
This website uses the NVD API, but is not approved or certified by it.