API Key Exposure in Berriai's Litellm Product
CVE-2024-9606
7.5HIGH
Summary
In Berriai's Litellm product versions prior to 1.44.12, a critical vulnerability exists within the log management system. The API key masking functionality is limited to obscuring only the first five characters of sensitive keys, leading to significant leakage of API key information in the logs. This flaw allows attackers or unauthorized users to potentially access pivotal authentication credentials, undermining the overall security posture of applications relying on these keys. Users are urged to upgrade to the latest version to mitigate the exposure risks.
Affected Version(s)
berriai/litellm < 1.44.12
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
CVSS V3.0
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved