Submission #811281: litellm <= 1.82.2 Insufficient Session Expiration (CWE-613)

Information

Title: litellm <= 1.82.2 Insufficient Session Expiration (CWE-613)
Description:

# Technical Details

A Broken Session Management vulnerability exists in the `authenticate_user()` and `create_ui_token_object()` logic within `litellm/proxy/auth/login_utils.py` of litellm. During a recent migration to stateless Admin UI JWT Auth, the logic that generates a permanent database-backed proxy admin HTTP API key on every `/login` was inadvertently preserved, and previously issued keys are never expired.

# Vulnerable Code

File: `litellm/proxy/auth/login_utils.py`

Methods: `authenticate_user()`, `create_ui_token_object()`

Why: `generate_key_helper_fn(request_type="key")` forces the creation of a physical database token (`LiteLLM_VerificationToken`) mapped to the `PROXY_ADMIN` role on every UI login. The token is embedded directly in the stateless JWT payload, and the previous calls to `expire_previous_ui_session_tokens` were removed entirely.

# Reproduction

1. Authenticate to the Admin UI `/login` using standard credentials. Capture the resulting `token` cookie containing the JWT.
2. Base64-decode the JWT payload body to expose the embedded permanent database API key (`sk-...`).
3. Use this exposed key directly as an `Authorization: Bearer` token against management endpoints.
4. Repeat the login to demonstrate accumulation: prior database keys are never retired and continue to act as independent backdoor admin tokens, valid for the full 12-hour backend scope.

# Impact

- Exposure of Sensitive Data: static Admin API Keys are leaked in plaintext in client-side JWTs.
- Token Accumulation / Bad Session Scope: malicious users or intercepted sessions retain privileges indefinitely even after the UI triggers a logout or clears the local cache, completely defeating the invalidation mechanisms.
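The two controls the report says are missing, revoking a user's earlier UI sessions on each login and keeping long-lived backend keys out of the cookie, are easy to see in isolation. The following is an added illustration, not litellm's code and not the submitter's; the `SessionStore`, `SessionRecord`, `login`, `validate`, `logout` and `expire_previous_sessions` names are invented for this example, and the 12-hour TTL is taken from the report's description. The cookie value it issues is an opaque token that references a revocable server-side record, so decoding it yields nothing reusable, and a second login for the same user retires the first session.

```python
"""Hypothetical session-token issuance that expires earlier sessions on login.

Constructed example (not litellm code). Class and function names are invented
for illustration. It demonstrates two controls the report says are missing:
every login revokes the user's earlier UI sessions, and the cookie value is an
opaque, revocable session token rather than a long-lived admin API key.
"""
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# 12-hour lifetime, matching the backend scope the report describes.
SESSION_TTL_SECONDS = 12 * 60 * 60


@dataclass
class SessionRecord:
    user_id: str
    expires_at: float
    revoked: bool = False


class SessionStore:
    """Server-side session table keyed by the SHA-256 of the issued token.

    Only the hash is stored, so a read of the table does not yield usable
    tokens. The clock is injectable so expiry can be tested deterministically.
    """

    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self._now = now
        self._records: Dict[str, SessionRecord] = {}

    @staticmethod
    def _hash(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def expire_previous_sessions(self, user_id: str) -> int:
        """Revoke every live session for user_id; returns how many were revoked."""
        revoked = 0
        for rec in self._records.values():
            if rec.user_id == user_id and not rec.revoked:
                rec.revoked = True
                revoked += 1
        return revoked

    def login(self, user_id: str) -> str:
        """Issue a fresh opaque session token, retiring earlier ones first.

        The returned value is what goes into the cookie. It references a
        revocable server-side record and never carries a backend API key.
        """
        self.expire_previous_sessions(user_id)
        token = "ui-" + secrets.token_urlsafe(32)
        self._records[self._hash(token)] = SessionRecord(
            user_id=user_id, expires_at=self._now() + SESSION_TTL_SECONDS
        )
        return token

    def validate(self, token: str) -> Optional[str]:
        """Return the user_id for a live, unexpired session token, else None."""
        rec = self._records.get(self._hash(token))
        if rec is None or rec.revoked or rec.expires_at <= self._now():
            return None
        return rec.user_id

    def logout(self, token: str) -> bool:
        """Revoke a single session; returns False if the token was unknown."""
        rec = self._records.get(self._hash(token))
        if rec is None:
            return False
        rec.revoked = True
        return True

    def active_session_count(self, user_id: str) -> int:
        """Number of sessions for user_id that are neither revoked nor expired."""
        now = self._now()
        return sum(
            1 for rec in self._records.values()
            if rec.user_id == user_id and not rec.revoked and rec.expires_at > now
        )


def demo() -> None:
    clock = [1_700_000_000.0]  # constructed epoch time for the walkthrough
    store = SessionStore(now=lambda: clock[0])
    first = store.login("admin")
    second = store.login("admin")  # second login retires the first session
    print("first still valid:", store.validate(first) is not None)  # False
    print("second valid:", store.validate(second) == "admin")  # True
    clock[0] += SESSION_TTL_SECONDS + 1
    print("second valid after TTL:", store.validate(second) is not None)  # False


if __name__ == "__main__":
    demo()
```

Because the table holds only token hashes and every record carries an expiry and a revoked flag, logout, re-login and TTL all converge on the same check in `validate`, which is the property the report says the migration lost.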
Source: https://gist.github.com/YLChen-007/39ed709ce322431658a05b951e91f278

User: Eric-c (UID 96848)

Submitted: 2026-04-23 09:56 AM (2 months ago)

Moderation: 2026-06-20 11:26 AM (2 months later)

Status: Accepted

VulDB Entry: 372514 [BerriAI litellm up to 1.82.2 PROXY_ADMIN database API Key Generator login_utils.py authenticate_user weak authentication]

Points: 20
