Description
LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with access to admin-only routes can then be used to reach those routes successfully, bypassing the role-based access controls that would otherwise block the request, enabling full privilege escalation from internal_user to proxy_admin.
CVSS breakdown
CVSS 4.0
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
Low
User Interaction
None
Confidentiality (Vulnerable System)
High
Integrity (Vulnerable System)
High
Availability (Vulnerable System)
High
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- BerriAI / litellm0 – 1.83.14
References
- MISChttps://www.obsidiansecurity.com/blog/litellm-privilege-escalation-rce
- MISChttps://gist.github.com/13ph03nix/9ec616e1fdc77b3673509c60206e827f
- MISChttps://huntr.com/bounties/8e75edfb-ff05-4e63-bfca-2d93d03fb3b9
- PATCHhttps://github.com/BerriAI/litellm/releases/tag/v1.83.14-stable
- PATCHhttps://github.com/BerriAI/litellm/commit/d910a95661fce3cdd36f3b06c03ecf9c46c6457c
- PATCHhttps://github.com/BerriAI/litellm/commit/2220f3076ac89bd2a2e3439acf57dcfbec2434c9
- PATCHhttps://github.com/BerriAI/litellm/commit/5190bd07eb23a037745d86328096f54378f1614a
- VENDOR_ADVISORYhttps://www.vulncheck.com/advisories/litellm-privilege-escalation-via-api-key-generation
Updated 3m ago · 2 sources