CVE-2024-5710

CVSS V2 None CVSS V3 None

Description

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any member to or from any teams. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization.

Overview

CVE ID
CVE-2024-5710

Assigner
@huntr_ai

Vulnerability Status
PUBLISHED

Published Version
2024-06-27T18:41:19.900Z

Last Modified Date
2024-06-27T19:54:54.734Z

Weakness Enumerations

CWE	URL
CWE-284	http://cwe.mitre.org/data/definitions/284.html

References

Reference URL	Reference Tags
https://huntr.com/bounties/70897f59-a966-4d93-b71e-745e3da91970

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-5710
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5710

History

Created	Old Value	New Value	Data Type	Notes
2024-06-28 13:08:30				Added to TrackCVE