CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Products
berriai/litellm
- 1.34.34
Source
security@huntr.dev
Tags
CVE-2024-5710 details
Last Modified : June 27, 2024, 7:25 p.m.
Description
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any member to or from any teams. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization.
CVSS Score
1 | 2 | 3 | 4 | 5.3 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-284 | Improper Access Control | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
5.3
Exploitability Score
1.6
Impact Score
3.6
Base Severity
MEDIUM
Vector String : CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
References
URL | Source |
---|---|
https://huntr.com/bounties/70897f59-a966-4d93-b71e-745e3da91970 | security@huntr.dev |