CVE-2024-39722
Published: 31 October 2024
Summary
CVE-2024-39722 is a high-severity Path Traversal (CWE-22) vulnerability in Ollama. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique File and Directory Discovery (T1083); ranked in the top 1.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other Platforms; in the Privacy and Disclosure risk domain; MITRE ATLAS techniques in scope: Obtain Capabilities (AML.T0016), Exfiltration via AI Inference API (AML.T0024).
Deeper analysis
CVE-2024-39722 is a path traversal vulnerability (CWE-22) affecting Ollama versions prior to 0.1.46. The flaw resides in the api/push route and allows an attacker to determine which files exist on the underlying server, producing a CVSS 3.1 score of 7.5 with network attack vector, low complexity, and no required authentication or user interaction.
An unauthenticated remote attacker can send crafted requests to the api/push endpoint and receive responses that reveal the presence or absence of arbitrary files on the host. This information disclosure can be leveraged to map the filesystem layout, identify sensitive configuration or model files, and support further targeted attacks against the Ollama deployment.
The issue is resolved in Ollama 0.1.46 and later. The referenced analysis from Oligo Security examines the broader implications for model-serving infrastructure and underscores the need to apply the vendor update promptly.
Ollama’s role in local LLM execution makes the vulnerability relevant to AI/ML environments; the associated EPSS score has remained near 0.62 with no material post-disclosure climb.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-38206
Vulnerability details
An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path traversal in the api/push route.
- CWE(s): CWE-22 (Path Traversal)
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Privacy and Disclosure
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Ollama is an open-source platform/framework for running LLMs locally or in cloud deployments, providing APIs for model management like push/pull, fitting 'Other Platforms' as it doesn't align precisely with frameworks, libraries, or specific AI subdomains like NLP or CV.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The path traversal vulnerability (CVE-2024-39722) in the /api/push route enables disclosure of file and directory existence on the server through error messages reflecting attempted paths, directly facilitating File and Directory Discovery (T1083).
MITRE ATLAS Techniques
- Obtain Capabilities (AML.T0016)
- Exfiltration via AI Inference API (AML.T0024)
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.
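The control above, as an added example that is not Ollama's own code: a hypothetical Go helper (`resolveModelPath`) that confines a client-supplied name to a configured model directory and rejects anything that lexically escapes it, plus a stand-in handler (`lookupModel`) that returns the same generic response for rejected and missing paths and never echoes the attempted path, so the route cannot serve as a file-existence oracle. The directory layout and names are constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a client-supplied name would resolve to a
// location outside the configured model directory.
var ErrOutsideRoot = errors.New("path escapes model directory")

// resolveModelPath joins a client-supplied relative name onto root and rejects
// any result that lexically escapes root. Hypothetical helper, not Ollama code.
func resolveModelPath(root, name string) (string, error) {
	if name == "" || filepath.IsAbs(name) {
		return "", ErrOutsideRoot
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	// Join cleans the result, collapsing "." and ".." segments.
	joined := filepath.Join(absRoot, name)
	// Rel reports whether joined still sits beneath absRoot.
	rel, err := filepath.Rel(absRoot, joined)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return joined, nil
}

// lookupModel is a stand-in for a request handler. It returns the HTTP status
// and the message a client would see. Rejected and missing paths produce the
// same generic response, and the attempted path is never echoed back, so the
// endpoint cannot be used to probe for files outside root.
func lookupModel(root, name string) (int, string) {
	p, err := resolveModelPath(root, name)
	if err != nil {
		return 404, "model not found"
	}
	if _, err := os.Stat(p); err != nil {
		return 404, "model not found"
	}
	return 200, "ok"
}

func main() {
	// Constructed scenario: a temporary model directory holding one manifest.
	root, err := os.MkdirTemp("", "models")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	if err := os.WriteFile(filepath.Join(root, "manifest"), []byte("{}"), 0o600); err != nil {
		panic(err)
	}
	for _, name := range []string{"manifest", "missing", "../../../etc/passwd", "/etc/passwd"} {
		status, msg := lookupModel(root, name)
		fmt.Printf("%-22q -> %d %s\n", name, status, msg)
	}
}
```

The check is purely lexical. If the model directory may contain symlinks pointing outside it, resolve the joined path with `filepath.EvalSymlinks` and repeat the `Rel` check on the result before touching the filesystem.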