漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Improper Access Control in Team Management in berriai/litellm
Vulnerability Description
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any member to or from any teams. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization.
CVSS Information
N/A
Vulnerability Type
授权机制缺失
Vulnerability Title
LiteLLM 访问控制错误漏洞
Vulnerability Description
LiteLLM是Berri AI开源的一个应用程序。可以使用 OpenAI 格式调用所有 LLM API。 LiteLLM 1.34.34版本存在访问控制错误漏洞,该漏洞源于团队管理功能存在访问控制不当问题,允许攻击者创建/更新/查看/删除/阻止/取消阻止任何团队,以及向任何团队添加/删除任何成员。
CVSS Information
N/A
Vulnerability Type
N/A