CVE-2024-5710 MEDIUM

CVE-2024-5710: Improper Access Control in Team Management in berriai/litellm

Vendor Berriai
Product berriai/litellm
Weakness CWE-862 · Missing authorization
Published June 27, 2024
Last update October 15, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any member to or from any teams. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization.

Key dates

02Disclosure timeline

June 27, 2024 CVE published
October 15, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-10938 UiPress lite <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure CVE-2026-57332 WordPress Wallet System for WooCommerce plugin <= 2.7.6 - Broken Access Control vulnerability CVE-2026-0845 WCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update CVE-2026-34886 WordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerability CVE-2025-30883 WordPress Trust.Reviews plugin <= 2.3 - Broken Access Control vulnerability