BerriAI litellm
cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*
A vulnerability allowing improper authorization has been identified in BerriAI's Litellm, specifically in the main-latest version. This issue arises when a user with the 'internal_user_viewer' role logs into the application, as they are granted an excessively privileged API key. This key enables access to all administrative functionalities, including sensitive endpoints such as '/users/list' and '/users/get_users'. Consequently, this vulnerability facilitates privilege escalation, allowing any user account to attain PROXY ADMIN status.
Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling users to access administrative functions and data they should not be entitled to.
To reproduce this vulnerability, log into the application as a user with the 'internal_user_viewer' role. Once logged in, the user will receive an API key that has been improperly authorized. This key can be used to access administrative endpoints, such as '/users/list' and '/users/get_users', thereby escalating the user's privileges to that of a PROXY ADMIN.
Users are advised to update to the patched version of Litellm, which addresses this authorization issue. The latest version can be downloaded from the BerriAI Litellm GitHub repository.
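The following is an added illustration, not code from litellm or from the advisory: it contrasts a login flow that mints an admin-scoped API key for every user (the class of bug described above) with one that binds the key to the authenticated user's own role, and adds an audit helper a defender can run over an existing key store. The role names and the two admin endpoints come from the advisory; the user table, data model, function names and the non-admin endpoint are assumptions made for the example.

```python
import secrets
from dataclasses import dataclass

# Endpoints the advisory names as administrative.
ADMIN_ENDPOINTS = {"/users/list", "/users/get_users"}
ADMIN_ROLE = "proxy_admin"
VIEWER_ROLE = "internal_user_viewer"


@dataclass(frozen=True)
class ApiKey:
    token: str
    owner: str
    role: str  # the role this key is permitted to act with


# Constructed user table (hypothetical; not litellm's data model).
USERS = {"alice": ADMIN_ROLE, "bob": VIEWER_ROLE}

# Issued keys indexed by token; both issuance paths below write here.
KEYS: dict = {}


def issue_key_vulnerable(username: str) -> ApiKey:
    """Vulnerable pattern: the login flow mints an admin-scoped key for
    everyone, so a viewer ends up holding a key that passes admin checks."""
    if username not in USERS:
        raise KeyError(username)
    key = ApiKey(secrets.token_urlsafe(24), username, ADMIN_ROLE)
    KEYS[key.token] = key
    return key


def issue_key_fixed(username: str) -> ApiKey:
    """Fixed pattern: the key is bound to the authenticated user's own role."""
    if username not in USERS:
        raise KeyError(username)
    key = ApiKey(secrets.token_urlsafe(24), username, USERS[username])
    KEYS[key.token] = key
    return key


def authorize(token: str, endpoint: str) -> bool:
    """Server-side check every request must pass: admin endpoints require a
    key whose bound role is proxy_admin; other endpoints accept any valid key."""
    key = KEYS.get(token)
    if key is None:
        return False
    if endpoint in ADMIN_ENDPOINTS:
        return key.role == ADMIN_ROLE
    return True


def overprivileged_keys() -> list:
    """Defender audit: keys whose bound role exceeds their owner's current
    role. Any hit was minted by the vulnerable path (or survived a role
    downgrade) and should be revoked."""
    return [k for k in KEYS.values()
            if k.role == ADMIN_ROLE and USERS.get(k.owner) != ADMIN_ROLE]


def demo() -> dict:
    """Run both issuance paths for a viewer and an admin and report the outcomes."""
    KEYS.clear()
    bad = issue_key_vulnerable("bob")
    good = issue_key_fixed("bob")
    admin = issue_key_fixed("alice")
    return {
        "viewer_via_vulnerable_path": authorize(bad.token, "/users/list"),
        "viewer_via_fixed_path": authorize(good.token, "/users/list"),
        "admin_via_fixed_path": authorize(admin.token, "/users/get_users"),
        # "/health" is a hypothetical non-admin endpoint for the example.
        "viewer_non_admin_endpoint": authorize(good.token, "/health"),
        "audit_flags": [k.owner for k in overprivileged_keys()],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the audit helper is that a key store can be checked independently of the login code: after upgrading, enumerating keys whose scope exceeds their owner's role finds tokens issued before the fix that still need to be revoked.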