CVE-2024-4888

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the `/audio/transcriptions` endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes the specified file without proper authorization or validation. This vulnerability is present in the code where `os.remove(file.filename)` is used to delete a file, allowing any user to delete critical files on the server such as SSH keys, SQLite databases, or configuration files.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Exploitability : 1.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/48461d89-cf13-4ad3-a43e-0d37da08fc6c

Configurations

No configuration.

History

No history.

Information

Published : 2024-06-06 19:16

Updated : 2024-06-07 14:56

NVD link : CVE-2024-4888

Mitre link : CVE-2024-4888

CVE.ORG link : CVE-2024-4888

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2024-4888", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.2}]}, "published": "2024-06-06T19:16:03.397", "references": [{"url": "https://huntr.com/bounties/48461d89-cf13-4ad3-a43e-0d37da08fc6c", "source": "security@huntr.dev"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the `/audio/transcriptions` endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes the specified file without proper authorization or validation. This vulnerability is present in the code where `os.remove(file.filename)` is used to delete a file, allowing any user to delete critical files on the server such as SSH keys, SQLite databases, or configuration files. "}, {"lang": "es", "value": "Litellm de BerriAI, en su \u00faltima versi\u00f3n, es vulnerable a la eliminaci\u00f3n arbitraria de archivos debido a una validaci\u00f3n de entrada incorrecta en el endpoint `/audio/transcriptions`. Un atacante puede aprovechar esta vulnerabilidad enviando una solicitud especialmente manipulada que incluya una ruta de archivo al servidor, que luego elimina el archivo especificado sin la autorizaci\u00f3n o validaci\u00f3n adecuada. Esta vulnerabilidad est\u00e1 presente en el c\u00f3digo donde se usa `os.remove(file.filename)` para eliminar un archivo, lo que permite a cualquier usuario eliminar archivos cr\u00edticos en el servidor, como claves SSH, bases de datos SQLite o archivos de configuraci\u00f3n."}], "lastModified": "2024-06-07T14:56:05.647", "sourceIdentifier": "security@huntr.dev"}