Vulnerabilities > CVE-2024-5710 - Unspecified vulnerability in Litellm 1.34.34

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

litellm

NVD

Published: 2024-06-27

Updated: 2024-09-20

Summary

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any member to or from any teams. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization.

Vulnerable Configurations

Part	Description	Count
Application	Litellm Litellm Litellm 1.34.34	1

References

https://huntr.com/bounties/70897f59-a966-4d93-b71e-745e3da91970