Compliance Impact

The vulnerability allows an authenticated user to escalate their privileges to full administrative access by modifying their own user_role via the /user/update endpoint. This unauthorized privilege escalation can lead to unauthorized access and control over sensitive data, including all users, teams, keys, models, and prompt history within LiteLLM.

Such unauthorized access and control over sensitive information could potentially violate compliance requirements of common standards and regulations like GDPR and HIPAA, which mandate strict access controls and protection of personal and sensitive data.

Therefore, this vulnerability poses a significant risk to maintaining compliance with these regulations by undermining the principle of least privilege and potentially exposing sensitive data to unauthorized users.

Useful 0 Not Useful 0

Executive Summary

This vulnerability exists in LiteLLM versions prior to 1.83.10 and allows a user to modify their own user_role via the /user/update endpoint.

Although the endpoint restricts users to updating only their own account, it does not restrict which fields can be changed.

As a result, a user who can access this endpoint can set their role to proxy_admin, thereby gaining full administrative access to LiteLLM, including all users, teams, keys, models, and prompt history.

Users with the org_admin role have legitimate access to this endpoint and can exploit this vulnerability without needing to chain any additional flaws.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have a severe impact as it allows a user to escalate their privileges to full administrative access within LiteLLM.

An attacker exploiting this flaw can control all users, teams, keys, models, and prompt history, potentially leading to unauthorized data access, modification, or deletion.

Such unauthorized administrative access can compromise the confidentiality, integrity, and availability of the system and its data.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves unauthorized modification of the user_role field via the /user/update endpoint in LiteLLM versions prior to 1.83.10. Detection can focus on monitoring API requests to this endpoint for attempts to change the user_role field by non-proxy_admin users.

You can detect exploitation attempts by inspecting logs or network traffic for POST or PATCH requests to /user/update that include changes to the user_role field from users who are not proxy_admin.

Example commands to detect such activity might include:

• Using grep on server logs to find suspicious updates: grep -i '/user/update' /path/to/litellm/logs | grep 'user_role'
• Using network monitoring tools like tcpdump or Wireshark to filter HTTP requests to /user/update containing user_role changes.
• Querying application logs or database audit logs for changes to the user_role field by users without proxy_admin privileges.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation is to upgrade LiteLLM to version 1.83.10 or later, where this vulnerability has been patched by restricting user_role modifications to proxy administrators only.

If immediate upgrade is not possible, restrict access to the /user/update endpoint to trusted users only, and monitor for suspicious role changes.

Additionally, review and tighten access controls around user role management and audit any recent changes to user roles to detect potential exploitation.

Useful 0 Not Useful 0