Cyber Resilience

CVE-2024-39719

HighPublic PoC

Published: 31 October 2024

Published
31 October 2024
Modified
13 May 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.4451 97.6th percentile
Risk Priority 42 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-39719 is a high-severity Generation of Error Message Containing Sensitive Information (CWE-209) vulnerability in Ollama Ollama. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique File and Directory Discovery (T1083); ranked in the top 2.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as APIs and Models; in the Privacy and Disclosure risk domain; MITRE ATLAS techniques in scope: Adversarial AI Attack Implementations (AML.T0016.000), Invert AI Model (AML.T0024.001).

Deeper analysis

CVE-2024-39719 affects Ollama versions through 0.3.14 and stems from insufficient error handling in the CreateModel route exposed by the api/create endpoint. When a non-existent path parameter is supplied, the server returns a "File does not exist" message, disclosing the presence or absence of arbitrary files on the host filesystem. The flaw is tracked under CWE-209 and carries a CVSS 3.1 base score of 7.5.

An unauthenticated attacker with network access can repeatedly invoke the CreateModel API using crafted path values. By observing whether the error message appears, the attacker can map readable files on the server, establishing a reliable information-gathering primitive that may aid subsequent attacks.

The single reference points to analysis from Oligo Security that examines broader model-handling issues in Ollama; no vendor advisory or patch details are supplied in the available data. The associated EPSS score has reached a peak of 0.4510 with a current value of 0.4451, indicating sustained exploitation interest in this AI/ML inference platform.

EU & UK References

Vulnerability details

An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker,…

more

providing a primitive for file existence on the server.

CWE(s)

AI Security AnalysisAI

AI Category
APIs and Models
Risk Domain
Privacy and Disclosure
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Ollama is an open-source framework providing REST APIs (e.g., /api/create, /api/pull, /api/push) for managing, pulling, pushing, and running AI models locally, particularly LLMs, making it primarily an APIs and Models software.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1083 File and Directory Discovery Discovery
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
Why these techniques?

The vulnerability discloses file existence via error messages in the /api/create endpoint, enabling remote File and Directory Discovery (T1083).

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0016.000: Adversarial AI Attack ImplementationsAML.T0024.001: Invert AI Model

Affected Assets

ollama
ollama
≤ 0.3.14

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-209

Detects error messages that leak sensitive information as evidence of disclosure.

addresses: CWE-209

The control directly mitigates generation of error messages containing sensitive authentication details by requiring obscured feedback instead of verbose responses.

addresses: CWE-209

Misdirection allows generation of misleading error messages that withhold or falsify sensitive details.

addresses: CWE-209

Explicitly requires error messages to avoid including sensitive or exploitable details while still supporting corrective action.

addresses: CWE-209

Validation ensures error messages contain only expected, non-sensitive content and blocks leakage via verbose errors.

addresses: CWE-209

Fail-safe procedures can be defined to suppress or sanitize error output, reducing generation of messages that contain sensitive information.

References