LiteLLM - Supply Chain Attack Compromises Python Package
Basically, LiteLLM got hacked through a tool it used for security checks.
LiteLLM has been compromised due to a supply chain attack via Trivy, exposing user credentials. Users must take immediate action to secure their accounts and rotate any compromised tokens.
The Flaw
LiteLLM, an open-source Python interface for large language models, faced a significant security breach. Two versions, v1.82.7 and v1.82.8, were found to contain malicious code that could steal user credentials. This vulnerability stemmed from a misconfiguration in the CI/CD pipeline that utilized Trivy, an open-source vulnerability scanner. The attackers exploited this flaw to inject harmful code into the project.
The attack began in late February when the attackers gained access to a privileged access token. This token was crucial for manipulating the CI/CD pipeline. By March 19, they had published a malicious release of Trivy, which further compromised the integrity of LiteLLM.
What's at Risk
The consequences of this breach are severe for any users of LiteLLM. Anyone who has installed the affected versions should assume that their credentials, including sensitive access tokens, may have been exposed. The Python Packaging Authority (PyPA) has issued a security advisory, urging users to revoke and rotate any credentials associated with LiteLLM.
Security experts highlight that the attackers' methods were sophisticated. By modifying existing version tags in the GitHub Action script for Trivy, they managed to inject malicious code into workflows that organizations were already using. This means that many CI/CD pipelines continued to run without any indication of the underlying changes, putting countless users at risk.
Patch Status
In response to the attack, the LiteLLM team has taken immediate action. They have removed the compromised versions from the Python Package Index (PyPI) and deleted all publishing tokens associated with the project. The CEO of Berri AI, which maintains LiteLLM, stated that they are reviewing their security measures to prevent future breaches. This includes considering trusted publishing methods and potentially moving to a different PyPI account.
Despite these efforts, the situation underscores the importance of maintaining strict security protocols within CI/CD environments. The reliance on version tags rather than pinned commits can lead to vulnerabilities that are difficult to detect.
Immediate Actions
For users of LiteLLM, immediate action is necessary. Here are some steps to take:
- Revoke any exposed credentials: If you have used LiteLLM, assume your credentials are compromised.
- Rotate tokens and passwords: Ensure that all access tokens and passwords associated with your LiteLLM environment are changed.
- Monitor for suspicious activity: Keep an eye on your accounts for any unauthorized access or unusual behavior.
By taking these steps, users can mitigate the risks associated with this breach. As the cybersecurity landscape evolves, it is crucial to stay vigilant and proactive in protecting sensitive information.