CVE-2024-39722: n/a
An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path traversal in the api/push route.
AI Analysis
Technical Summary
CVE-2024-39722 is a path traversal vulnerability identified in Ollama software versions before 0.1.46. The flaw exists in the api/push route, where insufficient validation of file path inputs allows attackers to traverse directories and determine the existence of arbitrary files on the server hosting Ollama. This vulnerability is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). The vulnerability can be exploited remotely without any authentication or user interaction, making it accessible to any attacker with network access to the affected service. The CVSS 3.1 base score is 7.5, reflecting high severity due to the ease of exploitation and the confidentiality impact. While the vulnerability does not allow modification or deletion of files (integrity unaffected) nor does it cause denial of service (availability unaffected), the ability to enumerate files can reveal sensitive configuration files, credentials, or other critical information that could be leveraged in subsequent attacks. No patches or fixes are explicitly linked yet, and no known exploits have been reported in the wild as of the publication date. The vulnerability was reserved in June 2024 and published in October 2024, indicating recent discovery. Ollama is a platform related to AI model deployment and management, so the exposure of internal files could compromise operational security or intellectual property.
Potential Impact
The primary impact of CVE-2024-39722 is unauthorized information disclosure. Attackers can remotely enumerate files on the server, potentially exposing sensitive data such as configuration files, API keys, credentials, or proprietary model data. This information leakage can facilitate further targeted attacks, including privilege escalation, lateral movement, or exploitation of other vulnerabilities. Although the vulnerability does not directly affect system integrity or availability, the confidentiality breach can undermine trust and security posture. Organizations deploying Ollama in production environments, especially those handling sensitive AI models or data, face increased risk of intellectual property theft or operational disruption through chained attacks. The lack of authentication and user interaction requirements broadens the attack surface, making any exposed Ollama instance vulnerable to reconnaissance by external threat actors. The absence of known exploits in the wild suggests limited active exploitation currently, but the high CVSS score and ease of exploitation warrant urgent mitigation to prevent future attacks.
Mitigation Recommendations
1. Upgrade Ollama to version 0.1.46 or later as soon as the patch is available to eliminate the path traversal vulnerability.
2. Until an official patch is released, implement strict input validation and sanitization on the api/push route to reject any path traversal sequences such as '../' or absolute paths.
3. Employ web application firewalls (WAFs) with custom rules to detect and block path traversal attempts targeting the api/push endpoint.
4. Restrict network access to the Ollama service to trusted internal networks or VPNs, minimizing exposure to external attackers.
5. Conduct regular security audits and penetration testing focusing on file path handling and API endpoints.
6. Monitor logs for unusual requests containing suspicious path traversal patterns to detect potential exploitation attempts early.
7. Implement least privilege file system permissions for the Ollama server process to limit file visibility and access even if traversal occurs.
8. Educate development and operations teams about secure coding practices related to file path handling to prevent similar vulnerabilities in the future.
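As an added example, not Ollama's own code, the kind of check items 2 and 6 above describe, written in Go because Ollama is a Go project: a validator that only accepts names resolving strictly inside the model store, and a log-review helper that flags '../' in plain or single-percent-encoded form. The store root directory is a placeholder assumption.

```go
package main

import (
	"errors"
	"net/url"
	"path/filepath"
	"strings"
)

// ErrUnsafePath is returned for any name that would resolve outside the store.
var ErrUnsafePath = errors.New("path escapes model store")

// SafeModelPath joins a client-supplied name onto the model store root and
// refuses anything that does not resolve strictly inside that root: absolute
// names, empty names, the root itself, and any "../" that survives cleaning.
// base is a placeholder for wherever the server keeps its models.
func SafeModelPath(base, name string) (string, error) {
	if name == "" || filepath.IsAbs(name) {
		return "", ErrUnsafePath
	}
	root := filepath.Clean(base)
	full := filepath.Clean(filepath.Join(root, name))
	// Rel is the reliable test: "." means the root itself, and a result
	// starting with ".." means the cleaned path landed outside the root.
	rel, err := filepath.Rel(root, full)
	if err != nil || rel == "." || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrUnsafePath
	}
	return full, nil
}

// LooksLikeTraversal is a log-review helper: it reports whether a request
// line contains "../" or "..\" either literally or after one round of
// percent-decoding (so "..%2F" is caught; double encoding is not).
func LooksLikeTraversal(requestLine string) bool {
	decoded, err := url.PathUnescape(requestLine)
	if err != nil {
		decoded = requestLine
	}
	for _, s := range []string{requestLine, decoded} {
		if strings.Contains(s, "../") || strings.Contains(s, `..\`) {
			return true
		}
	}
	return false
}
```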
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Japan, South Korea, Netherlands, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-06-28T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6c87b7ef31ef0b565f08
Added to database: 2/25/2026, 9:41:27 PM
Last enriched: 2/28/2026, 4:25:00 AM
Last updated: 4/12/2026, 3:45:52 PM