CP
cyberpings
VulnerabilitiesHIGH

LiteLLM - Supply Chain Attack Compromises Python Package

REThe Register Security
LiteLLMTrivyAqua Security
🎯

Basically, LiteLLM got hacked through a tool it used for security checks.

Quick Summary

LiteLLM has been compromised due to a supply chain attack via Trivy, exposing user credentials. Users must take immediate action to secure their accounts and rotate any compromised tokens.

The Flaw

LiteLLM, an open-source Python interface for large language models, faced a significant security breach. Two versions, v1.82.7 and v1.82.8, were found to contain malicious code that could steal user credentials. This vulnerability stemmed from a misconfiguration in the CI/CD pipeline that utilized Trivy, an open-source vulnerability scanner. The attackers exploited this flaw to inject harmful code into the project.

The attack began in late February when the attackers gained access to a privileged access token. This token was crucial for manipulating the CI/CD pipeline. By March 19, they had published a malicious release of Trivy, which further compromised the integrity of LiteLLM.

What's at Risk

The consequences of this breach are severe for any users of LiteLLM. Anyone who has installed the affected versions should assume that their credentials, including sensitive access tokens, may have been exposed. The Python Packaging Authority (PyPA) has issued a security advisory, urging users to revoke and rotate any credentials associated with LiteLLM.

Security experts highlight that the attackers' methods were sophisticated. By modifying existing version tags in the GitHub Action script for Trivy, they managed to inject malicious code into workflows that organizations were already using. This means that many CI/CD pipelines continued to run without any indication of the underlying changes, putting countless users at risk.

Patch Status

In response to the attack, the LiteLLM team has taken immediate action. They have removed the compromised versions from the Python Package Index (PyPI) and deleted all publishing tokens associated with the project. The CEO of Berri AI, which maintains LiteLLM, stated that they are reviewing their security measures to prevent future breaches. This includes considering trusted publishing methods and potentially moving to a different PyPI account.

Despite these efforts, the situation underscores the importance of maintaining strict security protocols within CI/CD environments. The reliance on version tags rather than pinned commits can lead to vulnerabilities that are difficult to detect.

Immediate Actions

For users of LiteLLM, immediate action is necessary. Here are some steps to take:

  • Revoke any exposed credentials: If you have used LiteLLM, assume your credentials are compromised.
  • Rotate tokens and passwords: Ensure that all access tokens and passwords associated with your LiteLLM environment are changed.
  • Monitor for suspicious activity: Keep an eye on your accounts for any unauthorized access or unusual behavior.

By taking these steps, users can mitigate the risks associated with this breach. As the cybersecurity landscape evolves, it is crucial to stay vigilant and proactive in protecting sensitive information.

🔒 Pro insight: This incident highlights the critical need for robust security practices in CI/CD pipelines, especially regarding dependency management.

Original article from

The Register Security

Read Full Article

Share

Related Pings

CRITICALVulnerabilities

Vulnerabilities - Citrix Patches Critical NetScaler ADC Bug

Citrix has patched a critical vulnerability in NetScaler ADC devices. Organizations using SAML Identity Provider configurations are at risk. Immediate patching is essential to prevent potential data breaches.

SC Media·
HIGHVulnerabilities

Apple Security Advisory - Critical Vulnerabilities Patched

Apple has issued critical security updates for multiple operating systems. Users must update their devices to avoid serious vulnerabilities. Protecting your data is essential in this digital age.

Canadian Cyber Centre Alerts·
HIGHVulnerabilities

Pharmacy Cyberattack - Warning for Healthcare Security Weaknesses

A major cyberattack on Change Healthcare left millions of patients without access to their medications. This incident underscores the urgent cybersecurity vulnerabilities in healthcare. With losses reaching over $100 million daily, the need for robust defenses is clear. The healthcare sector must act swiftly to prevent such disruptions in the future.

Huntress Blog·
HIGHVulnerabilities

Vulnerabilities - Internet-exposed EoL Microsoft IIS Servers Persist

Over 511,000 outdated Microsoft IIS servers are still online, posing high risks, especially in the U.S. and China. Urgent updates or replacements are necessary to protect against attacks.

SC Media·
HIGHVulnerabilities

Dell Wyse Management Vulnerabilities - System Compromise Risk

Dell Wyse Management Suite has critical vulnerabilities allowing attackers to gain complete system control. Organizations must update their systems immediately to avoid exploitation. This is a serious risk that could lead to data breaches and operational disruptions.

Cyber Security News·
MEDIUMVulnerabilities

Vulnerability in Schneider Electric EcoStruxure Foxboro DCS

A vulnerability has been detected in Schneider Electric's EcoStruxure Foxboro DCS software. This affects workstations and servers, posing risks of data breaches and operational disruptions. Immediate action is required to apply patches and secure systems.

CISA Advisories·