216.73.217.64

CVE-2024-5710

· Published 27/06/2024 19:15 · Modified 27/06/2024 19:25

Labels: CVE-2024-5710 2024-06-27CVE-2024-5710CWE-284[email protected]

Essential information

Published
27/06/2024 19:15
Modified
27/06/2024 19:25
Author
Creator
CVSS
5.3 MEDIUM (v3.0)
CISA KEV
No
CWE
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS metrics

Description

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any member to or from any teams. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

References