Cyber Resilience

CVE-2024-39722

Severity: High · Public PoC available

Published: 31 October 2024
Modified: 13 May 2025
KEV Added: not listed
Patch: fixed in Ollama 0.1.46
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.6217 (98.4th percentile)
Risk Priority: 52 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-39722 is a high-severity Path Traversal (CWE-22) vulnerability in Ollama (vendor: Ollama). Its CVSS v3.1 base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique File and Directory Discovery (T1083); ranked in the top 1.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Other Platforms; in the Privacy and Disclosure risk domain; MITRE ATLAS techniques in scope: Obtain Capabilities (AML.T0016), Exfiltration via AI Inference API (AML.T0024).

Deeper analysis

CVE-2024-39722 is a path traversal vulnerability (CWE-22) affecting Ollama versions prior to 0.1.46. The flaw resides in the api/push route and allows an attacker to determine which files exist on the underlying server, producing a CVSS 3.1 score of 7.5 with network attack vector, low complexity, and no required authentication or user interaction.

An unauthenticated remote attacker can send crafted requests to the api/push endpoint and receive responses that reveal the presence or absence of arbitrary files on the host. This information disclosure can be leveraged to map the filesystem layout, identify sensitive configuration or model files, and support further targeted attacks against the Ollama deployment.

The issue is resolved in Ollama 0.1.46 and later. The referenced analysis from Oligo Security examines the broader implications for model-serving infrastructure and underscores the need to apply the vendor update promptly.

Ollama’s role in local LLM execution makes the vulnerability relevant to AI/ML environments; the associated EPSS score has remained near 0.62 with no material post-disclosure climb.

EU & UK References

Vulnerability details

An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path traversal in the api/push route.

CWE(s)

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

AI Security Analysis

AI Category: Other Platforms
Risk Domain: Privacy and Disclosure
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Ollama is an open-source platform/framework for running LLMs locally or in cloud deployments, providing APIs for model management like push/pull, fitting 'Other Platforms' as it doesn't align precisely with frameworks, libraries, or specific AI subdomains like NLP or CV.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1083 File and Directory Discovery (tactic: Discovery)
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
Why these techniques?

The path traversal vulnerability (CVE-2024-39722) in the /api/push route enables disclosure of file and directory existence on the server through error messages reflecting attempted paths, directly facilitating File and Directory Discovery (T1083).

MITRE ATLAS Techniques

AML.T0016: Obtain Capabilities
AML.T0024: Exfiltration via AI Inference API

Affected Assets

Vendor: ollama
Product: ollama
Affected versions: ≤ 0.1.46

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-22: Validates pathnames and filenames to prevent traversal outside intended directories.
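A defender's illustration of the control above, written here as an added example in Go (Ollama's implementation language) and not taken from Ollama's own code: a hypothetical ResolveModelPath helper confines a client-supplied model name to a base directory and returns one uniform error for malformed, escaping and missing references, so the response cannot serve as the file-existence oracle described in the analysis above.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrModelNotFound is returned for every rejected or missing model reference,
// so the reply never reveals whether a file exists (no existence oracle).
var ErrModelNotFound = errors.New("model not found")

// insideBase reports whether an absolute, cleaned path lies under base.
func insideBase(base, path string) bool {
	rel, err := filepath.Rel(base, path)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}
// ResolveModelPath (hypothetical helper, not Ollama's code) maps a client-supplied
// model name onto a file under baseDir. It rejects absolute names, names that escape
// baseDir after cleaning (e.g. "../../etc/passwd") and symlinks resolving outside it.
func ResolveModelPath(baseDir, name string) (string, error) {
	base, err := filepath.Abs(baseDir)
	if err == nil {
		base, err = filepath.EvalSymlinks(base) // canonical base (/tmp may be a symlink)
	}
	if err != nil || name == "" || filepath.IsAbs(name) {
		return "", ErrModelNotFound
	}
	full := filepath.Join(base, name) // Join cleans ".." segments
	if !insideBase(base, full) {
		return "", ErrModelNotFound
	}
	resolved, err := filepath.EvalSymlinks(full) // fails when the file is absent
	if err != nil || !insideBase(base, resolved) {
		return "", ErrModelNotFound
	}
	return resolved, nil
}

func main() {
	dir, _ := os.MkdirTemp("", "models") // constructed sample model store
	defer os.RemoveAll(dir)
	_ = os.WriteFile(filepath.Join(dir, "llama3.bin"), []byte("weights"), 0o600)
	for _, name := range []string{"llama3.bin", "../../etc/passwd", "missing.bin"} {
		p, err := ResolveModelPath(dir, name)
		fmt.Printf("%-18s -> %q %v\n", name, p, err)
	}
}
```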

References