Submit #811287: litellm <= 1.82.2 Insufficient Session Expiration (CWE-613)info

Titellitellm <= 1.82.2 Insufficient Session Expiration (CWE-613)
Beschreibung# Technical Details An Insecure Session Management vulnerability exists in the `get_redirect_response_from_openid` method in `litellm/proxy/management_endpoints/ui_sso.py` of litellm. The application fails to track, expire, or invalidate active state sessions upon the successful issuance of a new SSO authorization request, establishing a parallel accumulation of multiple perpetual proxy tokens for the same user. # Vulnerable Code File: `litellm/proxy/management_endpoints/ui_sso.py` Method: `get_redirect_response_from_openid` Why: A new entry is appended to `LiteLLM_VerificationToken` every time `generate_key_helper_fn` resolves during a successful callback. However, no matching database call is implemented to delete or flag older row entries for the active `user_id`. Each generated session persists completely orphaned until manual time-based 24h expiration completes. # Reproduction 1. Execute a generalized SSO Login for `[email protected]` routing through the proxy system (`/sso/key/generate`). Record Login 1's backend `token` (e.g. `sk-TokenBaseA...`). 2. Repeat the process generating a concurrent Login 2 containing `sk-TokenBaseB...`. 3. Use `sk-TokenBaseA...` against any target Management component and observe complete 200 HTTP Success authentication responses despite the later active window. # Impact - Token Accumulation creating unnecessary processing volume limitations. - Persistent unauthorized administrative access whereby clearing cookies or forcing re-auth accomplishes absolutely nothing to mitigate previously compromised backend token materials.
Quelle⚠️ https://gist.github.com/YLChen-007/5fa8af12e1b183674d7ca96d852fb697
Benutzer
 Eric-c (UID 96848)
Einreichung23.04.2026 10:08 (vor 2 Monaten)
Moderieren20.06.2026 19:12 (2 months later)
StatusAkzeptiert
VulDB Eintrag372558 [BerriAI litellm bis 1.82.2 SSO Authentication Flow ui_sso.py get_redirect_response_from_openid schwache Authentisierung]
Punkte20

ZurückÜbersichtWeiter

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!