Information disclosure via local file read in test connection endpoint
Summary
Information disclosure via local file read in test connection endpoint. Red Hat rates this moderate (CVSS 4.9). Weakness: CWE-22.
- < 1.83.10-stable
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- 1.83.10
- 1.83.10-stable
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- Upgrade to litellm >= 1.83.14. If upgrading is not immediately possible, restrict network access to the LiteLLM Proxy Server administrative API (including /health/test_connection) to trusted, authenticated proxy/team administrators only, and avoid setting LITELLM_OIDC_ALLOWED_CREDENTIAL_DIRS or OIDC file secret providers to sensitive filesystem paths.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.