CVE-2024-9606

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-117
View all →

Vulnerability Description

In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount of the secret key. The issue affects version v1.44.9.

Related Vulnerabilities

CVE-2020-25646

HIGH
CVSS:7.5(High)

A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality

CWE-1172020

CVE-2024-47083

HIGH
CVSS:7.5(High)

Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive...

CWE-1172024

CVE-2024-8297

MEDIUM
CVSS:7.5(High)

A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token_...

CWE-1172024

CVE-2019-14846

HIGH
CVSS:7.3(High)

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin ...

CWE-1172019

CVE-2019-14858

HIGH
CVSS:7.3(High)

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to...

CWE-1172019

CVE-2024-32474

HIGH
CVSS:7.3(High)

Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs...

CWE-1172024