Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/03/22 12:41 p.m.14 views

CVE-2025-0628

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...

8.1CVSS7AI score0.00315EPSS
Exploits0References1
Snyk
Snyk
added 2025/03/20 6:43 p.m.3 views

Improper Authorization

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Improper Authorization due to the overly privileged API key assigned to internaluserviewer roles. An attacker can escalate privileges within the application by accessing...

8.6CVSS7.1AI score0.00315EPSS
Exploits0References2
NVD
NVD
added 2025/03/20 10:15 a.m.13 views

CVE-2025-0628

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...

8.1CVSS0.00315EPSS
Exploits0References2
OSV
OSV
added 2025/03/20 10:10 a.m.10 views

CVE-2025-0628 Improper Authorization in BerriAI/litellm

An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...

8.1CVSS7.3AI score0.00315EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.11 views

PT-2025-12318

Name of the Vulnerable Software and Affected Versions BerriAI/litellm version main-latest Description The issue is related to improper authorization. When a user with the role internal user viewer logs into the application, they are provided with an overly privileged API key. This key allows acce...

8.1CVSS7.2AI score0.00315EPSS
Exploits0References16
Rows per page
Query Builder