LiteLLM Privilege Escalation Vulnerability via Unrestricted Allowed Routes in API Key Generation

Vulnerability

A privilege escalation vulnerability has been identified in LiteLLM versions prior to 1.83.14. An authenticated user with the internal_user role can create API keys whose allowed_routes field names routes beyond that user's own permissions. The allowed_routes value supplied at key generation is stored without being validated against the caller's role, so a key created by an internal_user can be granted admin-only routes. Exploiting this flaw lets an internal_user escalate to proxy_admin.

Impact

Successful exploitation gives an internal_user full administrative rights on the proxy, including access to all user and team management functions, every API key, model configuration, and prompt history.

Reproduction

To reproduce this vulnerability, an authenticated internal_user generates a key with the allowed_routes parameter set to include one or more admin-only routes, for example '/user/update'. Because the requested routes are stored as given, the new key is accepted on those routes. The attacker then uses that key to call /user/update and change their own role to proxy_admin, completing the escalation.

Remediation

Update to LiteLLM version 1.83.14 or later, where this vulnerability has been addressed. Upgrading does not by itself undo an escalation that already took place: review the allowed_routes of keys generated by non-admin users before the upgrade, revoke any that name admin-only routes, and check for user accounts whose role was changed to proxy_admin.
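The following is an added example, not LiteLLM's own code, that models the behaviour described in the Reproduction section and the check a fixed version needs, plus the audit suggested above. The route tables, role names, key format and the fallback rule for keys with an empty allowed_routes list are assumptions made for the example; LiteLLM's real route lists and key-generation code are not reproduced here.

```python
# Added example (not LiteLLM's code): a minimal model of the allowed_routes
# check at key generation. Route sets and role names are illustrative
# assumptions, not LiteLLM's actual tables.
import itertools
from dataclasses import dataclass, field

PROXY_ADMIN = "proxy_admin"
INTERNAL_USER = "internal_user"

# Assumed route sets for the example.
ADMIN_ONLY_ROUTES = {
    "/user/update", "/user/new", "/user/delete",
    "/team/new", "/team/update", "/team/delete",
    "/model/new", "/model/delete",
}
INTERNAL_USER_ROUTES = {
    "/chat/completions", "/embeddings", "/models",
    "/key/generate", "/key/info", "/user/info", "/spend/logs",
}
ROLE_ROUTES = {
    PROXY_ADMIN: ADMIN_ONLY_ROUTES | INTERNAL_USER_ROUTES,
    INTERNAL_USER: INTERNAL_USER_ROUTES,
}

_counter = itertools.count(1)


@dataclass
class APIKey:
    key_id: str
    created_by_role: str
    allowed_routes: list = field(default_factory=list)


def generate_key_vulnerable(caller_role, requested_routes):
    """Pre-1.83.14 behaviour as the advisory describes it: the requested
    allowed_routes are stored as-is, never checked against the caller's role."""
    return APIKey(f"sk-{next(_counter)}", caller_role, list(requested_routes))


def generate_key_hardened(caller_role, requested_routes):
    """Refuse any route the caller could not reach with their own role.
    Unknown entries and wildcards are rejected too, so a key can never
    carry more privilege than the account that created it."""
    permitted = ROLE_ROUTES.get(caller_role, set())
    excess = sorted(set(requested_routes) - permitted)
    if excess:
        raise PermissionError(f"{caller_role} may not grant routes {excess}")
    return APIKey(f"sk-{next(_counter)}", caller_role, list(requested_routes))


def is_route_allowed(key, route):
    """Request-time check. A key with an explicit allowed_routes list is
    limited to those routes; an empty list falls back to the creator's role
    (assumed fallback rule for this example)."""
    if key.allowed_routes:
        return route in key.allowed_routes
    return route in ROLE_ROUTES.get(key.created_by_role, set())


def audit_keys(keys):
    """Post-upgrade audit: keys created by non-admins that nevertheless name
    admin-only routes, the artefact a pre-upgrade exploit leaves behind."""
    return [
        k.key_id for k in keys
        if k.created_by_role != PROXY_ADMIN
        and set(k.allowed_routes) & ADMIN_ONLY_ROUTES
    ]


def demo():
    """Walk through the escalation and its prevention. Returns
    (escalated_on_vulnerable, blocked_on_hardened, flagged_key_ids)."""
    bad = generate_key_vulnerable(INTERNAL_USER, ["/user/update"])
    escalated = is_route_allowed(bad, "/user/update")  # True: admin route reachable
    try:
        generate_key_hardened(INTERNAL_USER, ["/user/update"])
        blocked = False
    except PermissionError:
        blocked = True
    return escalated, blocked, audit_keys([bad])


if __name__ == "__main__":
    print(demo())
```

The hardened path compares the requested routes with the creator's own permitted set rather than with a list of "dangerous" routes, so a later addition of an admin-only endpoint cannot be granted by accident. audit_keys is the check worth running once against the key store after upgrading.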

Added: May 21, 2026, 9:35 PM
Updated: May 21, 2026, 9:35 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 4.6
remediation: 7.7
relevance: 9.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.