admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2025/CVE-2025-06xx/CVE-2025-0628.json
cad-safe-bot 45c9d5d76c Auto-Update: 2025-03-23T03:00:20.104511+00:00
2025-03-23 03:03:54 +00:00

64 lines
2.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2025-0628",
"sourceIdentifier": "security@huntr.dev",
"published": "2025-03-20T10:15:53.407",
"lastModified": "2025-03-20T10:15:53.407",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internal_user_viewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the application, including endpoints such as '/users/list' and '/users/get_users'. This vulnerability allows for privilege escalation within the application, enabling any account to become a PROXY ADMIN."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de autorizaci\u00f3n indebida en la \u00faltima versi\u00f3n principal de BerriAI/litellm. Cuando un usuario con el rol \"internal_user_viewer\" inicia sesi\u00f3n en la aplicaci\u00f3n, se le proporciona una clave API con privilegios excesivos. Esta clave permite acceder a todas las funciones de administraci\u00f3n de la aplicaci\u00f3n, incluyendo endpoints como \"/users/list\" y \"/users/get_users\". Esta vulnerabilidad permite la escalada de privilegios dentro de la aplicaci\u00f3n, lo que permite que cualquier cuenta se convierta en administrador proxy."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://github.com/berriai/litellm/commit/566d9354aab4215091b2e51ad0333e948125fa1b",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/6c0e2f75-2d03-42f9-9530-e16a973317fc",
"source": "security@huntr.dev"
}
]
}
Reference in New Issue View Git Blame Copy Permalink