Описание
Withdrawn Advisory: Mobile Security Framework (MobSF) Vulnerable to Insecure Permissions
Withdrawn Advisory
This advisory has been withdrawn because the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server.
Original Description
Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-42261
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1211
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/748
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/blob/abb47659a19ac772765934f184c65fe16cb3bee7/docker-compose.yml#L30-L31
- https://github.com/pypa/advisory-database/tree/main/vulns/mobsf/PYSEC-2023-310.yaml
- https://github.com/woshinibaba222/hack16/blob/main/Unauthorized%20Access%20to%20MobSF.md
Пакеты
mobsf
< 3.9.7
3.9.7
Связанные уязвимости
Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server.