SecBoard
Zurück zur Übersicht
Red-TeamerBehördenKI-SicherheitNetwork

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

The Hacker News·
Originalartikel lesen bei The Hacker News

A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model providers behind one...

MITRE ATT&CK Kill Chain (4 Techniken)

Resource Development
T1583.004

Server

T1584.004

Server

T1588.006

Vulnerabilities

Command & Control
T1090

Proxy

Vollständigen Artikel lesen bei The Hacker News

Verwandte Artikel

Council of Europe investigates ShinyHunters data breach claims

BleepingComputer·vor etwa 3 Stunden

French Government Messaging Platform Breached by Mysterious ‘Misere’ Hacker

SecurityWeek·vor etwa 8 Stunden

The FCC Wants to Eliminate Burner Phones

Schneier on Security·vor etwa 9 Stunden

FBI disrupts massive AI-powered phishing service using a million URLs

BleepingComputer·vor 1 Tag

US Gov asks Anthropic to ban 'foreign national' access to Fable, Mythos

BleepingComputer·vor 2 Tagen