Berriai Litellm API Key Logging Vulnerability in Logging Component

Vulnerability

A vulnerability has been identified in the Berriai Litellm project, specifically in version 1.44.9, within the logging component. The API key masking routine obscures only the first five characters of the key, so nearly the entire key is written to the logs in plaintext. As a result, a significant portion of the secret key is leaked to anyone with read access to the logs.

Impact

The vulnerability results in the logging of a substantial part of the API key, compromising its confidentiality.

Reproduction

To reproduce this vulnerability, run Berriai Litellm version 1.44.9 with the Gemini or Google AI Studio provider. After making a request that includes the API key, the key is written to the logs with only its first few characters masked, revealing almost the entire key.
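As an added illustration (not code from the LiteLLM project; the masking functions, the sample key and the log lines are constructed for this example), the prefix-only masking the advisory describes is shown beside a scheme that hides the bulk of the key, together with a check that audits log lines for long runs of a known key:

```python
# Constructed sample key (not a real credential), 40 characters long.
SAMPLE_KEY = "AIzaSyEXAMPLE0123456789abcdefghijklmnopq"


def mask_prefix_only(key: str, n: int = 5) -> str:
    """Weak masking of the kind the advisory describes: only the first n
    characters are hidden, everything after them is logged as-is."""
    return "*" * min(n, len(key)) + key[n:]


def mask_key(key: str, show_prefix: int = 4, show_suffix: int = 4) -> str:
    """Hardened masking: keep a short head and tail so operators can tell
    keys apart, hide the rest. Keys too short to leave a large hidden
    middle are masked completely."""
    if len(key) <= show_prefix + show_suffix + 4:
        return "*" * len(key)
    hidden = len(key) - show_prefix - show_suffix
    return key[:show_prefix] + "*" * hidden + key[-show_suffix:]


def exposed_fraction(key: str, masked: str) -> float:
    """Share of the original key characters still readable after masking."""
    assert len(key) == len(masked)
    kept = sum(1 for a, b in zip(key, masked) if a == b and b != "*")
    return kept / len(key)


def find_key_leaks(log_lines, secrets, min_run: int = 12):
    """Flag (line index, secret name) pairs where a log line contains at
    least min_run consecutive characters of a known secret. A 5-character
    mask leaves long runs intact, so this catches the advisory's failure mode."""
    hits = []
    for i, line in enumerate(log_lines):
        for name, secret in secrets.items():
            windows = {secret[j:j + min_run]
                       for j in range(len(secret) - min_run + 1)}
            if any(w in line for w in windows):
                hits.append((i, name))
                break
    return hits


# Constructed log lines: one written with the weak mask, one with the
# hardened mask, one unrelated.
SAMPLE_LOG = [
    f"INFO request to gemini api_key={mask_prefix_only(SAMPLE_KEY)}",
    f"INFO request to gemini api_key={mask_key(SAMPLE_KEY)}",
    "INFO healthcheck ok",
]
```

Running `find_key_leaks(SAMPLE_LOG, {"gemini": SAMPLE_KEY})` flags only the first line, which still carries 35 of the key's 40 characters.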

Remediation

Users can update to Berriai Litellm version 1.44.12 or later, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.