| Title | litellm <= 1.82.2 Improper Authorization (CWE-285) |
|---|
| Description | # Technical Details
An improper authorization flaw (CWE-285) exists in `litellm/proxy/auth/user_api_key_auth.py` in litellm up to and including 1.82.2.
The JWT Machine-to-Machine (M2M) authentication path does not apply the route guard (`is_llm_api_route` and `is_info_route`) that the OAuth2 M2M path already enforces. An admin-scoped JWT is therefore accepted on proxy management routes that are meant to be reachable only after a UI Single Sign-On (SSO) login, which defeats the intended separation between machine tokens and UI administration.
# Vulnerable Code
File: `litellm/proxy/auth/user_api_key_auth.py`
Method: M2M token validation loop
Why: When `enable_jwt_auth` is configured and the presented JWT carries the `admin_jwt_scope`, the loop creates a `UserAPIKeyAuth` object with the `PROXY_ADMIN` role for ANY route. It never checks whether the requested endpoint is an administrative UI management endpoint (such as `/user/new`) or a plain LLM inference path, which is exactly the distinction the OAuth2 M2M branch makes before granting access.
# Reproduction
1. Deploy LiteLLM with `enable_jwt_auth: true` and configure a JWKS identity provider.
2. Mint a JWT carrying the `litellm_proxy_admin` scope from that identity provider (a mock provider is sufficient).
3. Send a POST request to a UI management endpoint with the JWT as the bearer token: `curl -X POST http://localhost:4000/user/new -H "Authorization: Bearer <JWT_TOKEN>" -H "Content-Type: application/json" -d '{"user_email": "[email protected]"}'`
4. The proxy accepts the request as `PROXY_ADMIN` and executes the management action; no UI SSO login is required at any point.
# Impact
- Administrative privilege escalation: a machine token gains full control of the proxy management backend.
- Unauthorized creation of users, teams, and API keys, subverting the budget and access-control constraints those objects are meant to enforce. |
|---|
| Source | ⚠️ https://gist.github.com/YLChen-007/70e4e106527f74ddf17953ff0f6c248d |
|---|
| User | Eric-c (UID 96848) |
|---|
| Submitted | 2026-04-23 09:56 AM (2 months ago) |
|---|
| Moderation | 2026-06-20 11:26 AM (2 months later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 372513 [BerriAI litellm up to 1.82.2 M2M JWT user_api_key_auth.py privilege escalation] |
|---|
| Points | 20 |
|---|
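The route-guard gap described under Technical Details and Vulnerable Code, modelled as an added example. This is not LiteLLM's code and not part of the report: the route tables, the `UserAPIKeyAuth` dataclass, the HS256 token minting (a stand-in for the JWKS identity provider, chosen because it needs only the standard library) and the two `*_jwt_m2m_auth` functions are all constructed here. The point it shows is the one the report makes: the vulnerable branch turns any admin-scoped M2M JWT into `PROXY_ADMIN` on any route, while the hardened branch applies the `is_llm_api_route` / `is_info_route` guard that the OAuth2 M2M path already has, so the same token still works for inference but is refused on `/user/new`.

```python
import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass
from typing import Optional

# Hypothetical model for this example only; names follow the report, bodies do not
# come from LiteLLM. Route tables are constructed and deliberately small.
ADMIN_JWT_SCOPE = "litellm_proxy_admin"  # scope named in the reproduction step
LLM_API_ROUTES = {"/chat/completions", "/v1/chat/completions", "/embeddings", "/v1/embeddings"}
INFO_ROUTES = {"/user/info", "/team/info", "/key/info"}
# Management routes such as /user/new are in neither allow-list: they stay behind UI SSO.


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hs256_jwt(claims: dict, secret: bytes) -> str:
    """Stand-in for the identity provider. HS256 is used only to avoid extra libraries;
    a JWKS/RS256 deployment differs only in how the signature is verified."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_hs256_jwt(token: str, secret: bytes, now: Optional[float] = None) -> dict:
    """Return the claims if the signature is valid and the token has not expired."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise PermissionError("malformed JWT")
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise PermissionError("unexpected alg")  # never let the token pick the algorithm
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise PermissionError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    current = now if now is not None else time.time()
    if claims.get("exp") is not None and claims["exp"] < current:
        raise PermissionError("token expired")
    return claims


def jwt_scopes(claims: dict) -> set:
    """Scopes may arrive as a space-separated string or as a list."""
    scope = claims.get("scope", claims.get("scopes", []))
    return set(scope.split()) if isinstance(scope, str) else set(scope)


def is_llm_api_route(route: str) -> bool:
    return route in LLM_API_ROUTES


def is_info_route(route: str) -> bool:
    return route in INFO_ROUTES


@dataclass
class UserAPIKeyAuth:
    user_role: str
    user_id: str


def vulnerable_jwt_m2m_auth(route: str, token: str, secret: bytes) -> UserAPIKeyAuth:
    """Models the flaw: an admin-scoped JWT becomes PROXY_ADMIN on ANY route, /user/new included."""
    claims = verify_hs256_jwt(token, secret)
    if ADMIN_JWT_SCOPE in jwt_scopes(claims):
        return UserAPIKeyAuth(user_role="PROXY_ADMIN", user_id=claims.get("sub", ""))
    raise PermissionError("JWT lacks admin scope")


def hardened_jwt_m2m_auth(route: str, token: str, secret: bytes) -> UserAPIKeyAuth:
    """Same scope check plus the route guard the report says OAuth2 M2M already applies:
    a machine token may only reach LLM API routes and info routes."""
    claims = verify_hs256_jwt(token, secret)
    if ADMIN_JWT_SCOPE not in jwt_scopes(claims):
        raise PermissionError("JWT lacks admin scope")
    if not (is_llm_api_route(route) or is_info_route(route)):
        raise PermissionError(f"M2M JWT not accepted on {route}; management routes require UI SSO")
    return UserAPIKeyAuth(user_role="PROXY_ADMIN", user_id=claims.get("sub", ""))


def demo() -> dict:
    """Runs both variants against the request from the reproduction step and an inference route."""
    secret = b"constructed-demo-secret"  # constructed; stands in for the provider's signing key
    token = mint_hs256_jwt({"sub": "ci-bot", "scope": ADMIN_JWT_SCOPE, "exp": time.time() + 300}, secret)
    results = {}
    for name, auth in (("vulnerable", vulnerable_jwt_m2m_auth), ("hardened", hardened_jwt_m2m_auth)):
        for route in ("/user/new", "/chat/completions"):
            try:
                results[(name, route)] = auth(route, token, secret).user_role
            except PermissionError as exc:
                results[(name, route)] = f"denied: {exc}"
    return results


if __name__ == "__main__":
    for (variant, route), outcome in demo().items():
        print(f"{variant:10s} POST {route:18s} -> {outcome}")
```

Running the block prints four outcomes: the vulnerable variant returns `PROXY_ADMIN` for both routes, the hardened variant returns `PROXY_ADMIN` only for `/chat/completions` and denies `/user/new`. The route guard is an addition to, not a replacement for, signature, expiry and scope validation; it belongs at the same point where the OAuth2 M2M branch performs it, so that both token types are judged by the same rule.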