admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 18:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create Ollama Unauthorized Access Vulnerability (CNVD-2025-04094).md

Browse Source
This commit is contained in:
Goby 2025-03-03 18:32:44 +08:00 committed by GitHub
parent 2609472261
commit cfa001041a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Ollama Unauthorized Access Vulnerability (CNVD-2025-04094).md Normal file
View File

@ -0,0 +1,14 @@
**Updated document date: October 31, 2024**
## Ollama /api/tags Unauthorized Access Vulnerability (CNVD-2025-04094)
| **Vulnerability** | Ollama /api/tags Unauthorized Access Vulnerability (CNVD-2025-04094)|
| :----: | :-----|
| **Chinese name** | Ollama /api/tags 未授权访问漏洞CNVD-2025-04094 |
| **CVSS core** | 6.50 |
| **FOFA Query** (click to view the results directly)| [app="Ollama"]
| **Number of assets affected** | 2.3W+ |
| **Description** |Ollama is an open-source Large Language Model (LLM) runtime environment and toolkit designed to help developers easily deploy, manage, and use models such as DeepSeek. Recently, it was disclosed that if Ollama directly exposes the service port (default 11434) to the public network and does not enable an authentication mechanism, remote attackers can access its high-risk interfaces without authorization. |
| **Impact** | Attackers may exploit these unauthorized interfaces to access sensitive data, abuse resources, or tamper with system configurations, further escalating the attack.
| **Affected versions** | all
![](https://s3.bmp.ovh/imgs/2025/03/03/6e1cea33e52a0487.gif)