Invia #811287: litellm <= 1.82.2 Insufficient Session Expiration (CWE-613)informazioni

Titololitellm <= 1.82.2 Insufficient Session Expiration (CWE-613)
Descrizione# Technical Details An Insecure Session Management vulnerability exists in the `get_redirect_response_from_openid` method in `litellm/proxy/management_endpoints/ui_sso.py` of litellm. The application fails to track, expire, or invalidate active state sessions upon the successful issuance of a new SSO authorization request, establishing a parallel accumulation of multiple perpetual proxy tokens for the same user. # Vulnerable Code File: `litellm/proxy/management_endpoints/ui_sso.py` Method: `get_redirect_response_from_openid` Why: A new entry is appended to `LiteLLM_VerificationToken` every time `generate_key_helper_fn` resolves during a successful callback. However, no matching database call is implemented to delete or flag older row entries for the active `user_id`. Each generated session persists completely orphaned until manual time-based 24h expiration completes. # Reproduction 1. Execute a generalized SSO Login for `[email protected]` routing through the proxy system (`/sso/key/generate`). Record Login 1's backend `token` (e.g. `sk-TokenBaseA...`). 2. Repeat the process generating a concurrent Login 2 containing `sk-TokenBaseB...`. 3. Use `sk-TokenBaseA...` against any target Management component and observe complete 200 HTTP Success authentication responses despite the later active window. # Impact - Token Accumulation creating unnecessary processing volume limitations. - Persistent unauthorized administrative access whereby clearing cookies or forcing re-auth accomplishes absolutely nothing to mitigate previously compromised backend token materials.
Fonte⚠️ https://gist.github.com/YLChen-007/5fa8af12e1b183674d7ca96d852fb697
Utente
 Eric-c (UID 96848)
Sottomissione23/04/2026 10:08 (2 mesi fa)
Moderazione20/06/2026 19:12 (2 months later)
StatoAccettato
Voce VulDB372558 [BerriAI litellm fino a 1.82.2 SSO Authentication Flow ui_sso.py get_redirect_response_from_openid autenticazione debole]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Might our Artificial Intelligence support you?

Check our Alexa App!