PT-2024-37087 · Unknown · Berriai/Litellm

Published: 2024-06-27 · Updated: 2024-09-20 · CVE-2024-5710

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: berriai/litellm version 1.34.34
Description: The issue is improper access control in the team management functionality, which allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any team, as well as adding any member to or deleting any member from any team. This is due to insufficient access control checks in various team management endpoints.
Recommendations: For version 1.34.34, consider temporarily restricting access to the team management functionality until a patch is available. As a mitigation measure, restrict the use of the vulnerable team management endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2024-5710
GHSA-QQCV-VG9F-5RR3

Affected Products

Berriai/Litellm