THREATINT

CVE
PUBLISHED

CVE-2024-5710

Improper Access Control in Team Management in berriai/litellm

Assigner: @huntr_ai
Reserved: 2024-06-06
Published: 2024-06-27
Updated: 2024-07-01

Description

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any team, as well as adding any member to or deleting any member from any team. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization.

MEDIUM: 5.3 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N)

Problem types

CWE-284 Improper Access Control

Product status

Default status: unaffected

Any version: affected

References

https://huntr.com/bounties/70897f59-a966-4d93-b71e-745e3da91970

cve.org CVE-2024-5710

nvd.nist.gov CVE-2024-5710
