CVE-2024-4889

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the `UI_LOGO_PATH` variable to a remote server address in the `get_image` function, an attacker can write a malicious Google KMS configuration file to the `cached_logo.jpg` file. This file can then be used to execute arbitrary code by assigning malicious code to the `SAVE_CONFIG_TO_DB` environment variable, leading to full system control. The vulnerability is contingent upon the use of the Google KMS feature.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/be3fda72-a65b-4993-9a0e-7e0f05db51f8

Configurations

No configuration.

History

No history.

Information

Published : 2024-06-06 18:15

Updated : 2024-06-07 14:56

NVD link : CVE-2024-4889

Mitre link : CVE-2024-4889

CVE.ORG link : CVE-2024-4889

JSON object : View

Products Affected

No product.

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2024-4889", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-06-06T18:15:18.577", "references": [{"url": "https://huntr.com/bounties/be3fda72-a65b-4993-9a0e-7e0f05db51f8", "source": "security@huntr.dev"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the `UI_LOGO_PATH` variable to a remote server address in the `get_image` function, an attacker can write a malicious Google KMS configuration file to the `cached_logo.jpg` file. This file can then be used to execute arbitrary code by assigning malicious code to the `SAVE_CONFIG_TO_DB` environment variable, leading to full system control. The vulnerability is contingent upon the use of the Google KMS feature."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en la aplicaci\u00f3n berriai/litellm, versi\u00f3n 1.34.6, debido al uso de entradas no validadas en la funci\u00f3n de evaluaci\u00f3n dentro del sistema de gesti\u00f3n de secretos. Esta vulnerabilidad requiere un archivo de configuraci\u00f3n de Google KMS v\u00e1lido para ser explotable. Espec\u00edficamente, al configurar la variable `UI_LOGO_PATH` en una direcci\u00f3n de servidor remoto en la funci\u00f3n `get_image`, un atacante puede escribir un archivo de configuraci\u00f3n malicioso de Google KMS en el archivo `cached_logo.jpg`. Este archivo luego se puede usar para ejecutar c\u00f3digo arbitrario asignando c\u00f3digo malicioso a la variable de entorno `SAVE_CONFIG_TO_DB`, lo que lleva al control total del sistema. La vulnerabilidad depende del uso de la funci\u00f3n Google KMS."}], "lastModified": "2024-06-07T14:56:05.647", "sourceIdentifier": "security@huntr.dev"}