Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/21 10:0 a.m.3 views

CVE-2026-12799

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

5.3CVSS5.3AI score0.00288EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51213

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description Improper authorization occurs in the ui view users function located in the litellm/proxy/management endpoints/internal user endpoints.py file. This flaw allows a remote attacker to bypass...

5.3CVSS6.2AI score0.00288EPSS
Exploits1References11
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.16 views

CVE-2025-0628 Improper Authorization in BerriAI/litellm

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...

8.1CVSS0.00315EPSS
Exploits0References2
CVE
CVE
added 2025/03/20 10:10 a.m.96 views

CVE-2025-0628

CVE-2025-0628 affects the main-latest version of BerriAI/litellm. The issue allows an user with the internal_user_viewer role to obtain an overly privileged API key that can access admin endpoints (e.g., /users/list, /users/get_users), enabling privilege escalation to a PROXY ADMIN. Multiple sour...

8.1CVSS8.2AI score0.00315EPSS
Exploits0References2
Rows per page
Query Builder