VYPR
High severity · NVD Advisory · Published Mar 20, 2025 · Updated Mar 20, 2025

Improper Output Neutralization for Logs in berriai/litellm

CVE-2024-9606

Description

In berriai/litellm before version 1.44.12, the litellm/litellm_core_utils/litellm_logging.py file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount of the secret key. The issue affects version v1.44.9.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

API key masking in LiteLLM before v1.44.12 only obscures the first five characters of an API key, exposing nearly the entire key in log files.

Vulnerability

The API key masking logic in litellm/litellm_core_utils/litellm_logging.py in BerriAI/litellm before version 1.44.12 only masks the first five characters of the API key [1][2]. This results in logging almost the entire plaintext secret, with only a small portion replaced by asterisks. The vulnerability was present in version v1.44.9 [2].

Exploitation

An attacker with access to the server's log files can retrieve the full API key from the masked string, as the mask covers only the first five characters while the remainder of the key remains visible [1][2]. No special privileges are required beyond log access; the logs are generated during normal API calls and stored in standard logging destinations [2].

Impact

Exposing almost the entire API key allows an attacker to authenticate to the LLM provider service(s) that the key was intended to protect. This could lead to unauthorized use of the provider's API, data exfiltration, or financial charges incurred by the key owner [1][2].

Mitigation

The issue was fixed in commit 9094071, which updated the masking logic to only leave the last four characters of the key unmasked [3]. Users should upgrade to LiteLLM version 1.44.12 or later to apply the patch [2][3].
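As an added illustration (not litellm's own code), the two masking behaviours the advisory contrasts are shown side by side, together with a check a defender can run over log lines to flag masked values that still expose more than four characters. The key and the log lines are constructed; the function names are this example's own.

```python
import re

# Constructed sample key; not a real credential.
SAMPLE_KEY = "sk-abcdefghijklmnopqrstuvwxyz0123456789ABCDEF"


def mask_first_n(key: str, n: int = 5) -> str:
    """Flawed behaviour described in the advisory: only the first n
    characters are replaced, the remainder of the secret is logged."""
    return "*" * min(n, len(key)) + key[n:]


def mask_all_but_last(key: str, keep: int = 4) -> str:
    """Corrected behaviour described in the advisory: everything except the
    last `keep` characters is replaced. Keys no longer than `keep` are masked
    entirely so a short secret is never echoed in full."""
    if len(key) <= keep:
        return "*" * len(key)
    return "*" * (len(key) - keep) + key[-keep:]


def exposed_chars(masked: str) -> int:
    """Number of plaintext characters a masked value still reveals."""
    return sum(1 for c in masked if c != "*")


# A masked value is a run of asterisks followed by key-like characters.
_MASKED = re.compile(r"\*{3,}([A-Za-z0-9_\-]+)")


def find_overexposed_masks(lines, max_visible: int = 4):
    """Return (line_no, visible_suffix) for masked values that reveal more
    than `max_visible` characters: these are effectively leaked secrets."""
    hits = []
    for no, line in enumerate(lines, start=1):
        for m in _MASKED.finditer(line):
            if len(m.group(1)) > max_visible:
                hits.append((no, m.group(1)))
    return hits


# Constructed log lines: one written by the flawed mask, one by the fixed mask.
LOG_LINES = [
    "2025-03-20 INFO litellm request api_key=" + mask_first_n(SAMPLE_KEY),
    "2025-03-20 INFO litellm request api_key=" + mask_all_but_last(SAMPLE_KEY),
]

if __name__ == "__main__":
    for no, suffix in find_overexposed_masks(LOG_LINES):
        print(f"line {no}: masked value still exposes {len(suffix)} characters")
```

Running the block flags only the first line, which exposes 40 of the 45 key characters; the fixed form leaves 4 visible.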

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package          Affected versions   Patched versions
litellm (PyPI)   < 1.44.12           1.44.12

Affected products: 3

Patches: 0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 4

News mentions: 0

No linked articles in our index yet.