CVE-2024-39719
Published: 31 October 2024
Summary
CVE-2024-39719 is a high-severity Generation of Error Message Containing Sensitive Information (CWE-209) vulnerability in Ollama. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique File and Directory Discovery (T1083). The CVE is ranked in the top 2.4% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as APIs and Models; in the Privacy and Disclosure risk domain; MITRE ATLAS techniques in scope: Adversarial AI Attack Implementations (AML.T0016.000), Invert AI Model (AML.T0024.001).
Deeper analysis
CVE-2024-39719 affects Ollama versions through 0.3.14 and stems from insufficient error handling in the CreateModel route exposed by the api/create endpoint. When a non-existent path parameter is supplied, the server returns a "File does not exist" message, disclosing the presence or absence of arbitrary files on the host filesystem. The flaw is tracked under CWE-209 and carries a CVSS 3.1 base score of 7.5.
An unauthenticated attacker with network access can repeatedly invoke the CreateModel API using crafted path values. By observing whether the error message appears, the attacker can map readable files on the server, establishing a reliable information-gathering primitive that may aid subsequent attacks.
The single reference points to analysis from Oligo Security that examines broader model-handling issues in Ollama; no vendor advisory or patch details are supplied in the available data. The associated EPSS score has reached a peak of 0.4510 with a current value of 0.4451, indicating sustained exploitation interest in this AI/ML inference platform.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-38204
Vulnerability details
An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the server.
AI Security Analysis
- AI Category: APIs and Models
- Risk Domain: Privacy and Disclosure
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Ollama is an open-source framework providing REST APIs (e.g., /api/create, /api/pull, /api/push) for managing, pulling, pushing, and running AI models locally, particularly LLMs, making it primarily an APIs and Models software.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability discloses file existence via error messages in the /api/create endpoint, enabling remote File and Directory Discovery (T1083).
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Detects error messages that leak sensitive information as evidence of disclosure.
- The control directly mitigates generation of error messages containing sensitive authentication details by requiring obscured feedback instead of verbose responses.
- Misdirection allows generation of misleading error messages that withhold or falsify sensitive details.
- Explicitly requires error messages to avoid including sensitive or exploitable details while still supporting corrective action.
- Validation ensures error messages contain only expected, non-sensitive content and blocks leakage via verbose errors.
- Fail-safe procedures can be defined to suppress or sanitize error output, reducing generation of messages that contain sensitive information.
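
The api/create behaviour described under Deeper analysis, set beside a handler that follows the error-message controls listed above, as an added Go example (not Ollama's code and not its actual fix). The handler names, the `path` query parameter, the `baseDir` model directory and every reply string other than "File does not exist" are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"net/url"
	"os"
	"path/filepath"
)

// verboseCreate models the flaw: the reply reveals whether a caller-supplied path exists.
func verboseCreate(w http.ResponseWriter, r *http.Request) {
	if _, err := os.Stat(r.URL.Query().Get("path")); os.IsNotExist(err) {
		http.Error(w, "File does not exist", http.StatusBadRequest)
		return
	}
	fmt.Fprint(w, "ok")
}

// uniformCreate confines lookups to baseDir (assumed) and answers every failure identically.
func uniformCreate(baseDir string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		p := r.URL.Query().Get("path")
		err := fmt.Errorf("path is not local to the base directory")
		if filepath.IsLocal(p) {
			_, err = os.Stat(filepath.Join(baseDir, p))
		}
		if err != nil {
			log.Printf("create rejected: path=%q err=%v", p, err) // detail stays server-side
			http.Error(w, "create request rejected", http.StatusBadRequest)
			return
		}
		fmt.Fprint(w, "ok")
	}
}

// reply calls a handler in-process and returns "status body" for comparison.
func reply(h http.HandlerFunc, path string) string {
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest("POST", "/api/create?path="+url.QueryEscape(path), nil))
	return fmt.Sprintf("%d %s", rec.Code, rec.Body.String())
}

func main() {
	for _, p := range []string{os.Args[0], "/constructed/missing"} {
		fmt.Printf("verbose=%q uniform=%q\n", reply(verboseCreate, p), reply(uniformCreate(os.TempDir()), p))
	}
}
```

`filepath.IsLocal` needs Go 1.20 or later and is a lexical check only; it does not resolve symlinks that sit inside the base directory.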