exploitDog

CVE-2025-0330

Опубликовано: 20 мар. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests.

Ссылки

https://huntr.com/bounties/661b388a-44d8-4ad5-862b-4dc5b80be30a
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:litellm:litellm:1.52.1:-:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00133

Низкий

7.5 High

CVSS3

Дефекты

CWE-1230

Связанные уязвимости

GHSA-879v-fggm-vxw2

CVSS3: 7.5

github

11 месяцев назад

LiteLLM Has a Leakage of Langfuse API Keys

EPSS

Процентиль: 34%

0.00133

Низкий

7.5 High

CVSS3

Дефекты

CWE-1230