Exposure of Sensitive Information Through Metadata

CVE-2025-0330

High

7.5/10

Summary

The package litellm versions , an issue in "proxy_server.py" causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including "langfuse_secret" and "langfuse_public_key", which can provide full access to the Langfuse project storing all requests.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-1230 - Exposure of Sensitive Information Through Metadata

The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from the original, sensitive information.

References

Advisory
Disclosure

Advisory Timeline

Published Mar 20, 2025

Exposure of Sensitive Information Through Metadata

CVE-2025-0330

Summary

CWE-1230 - Exposure of Sensitive Information Through Metadata

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS