Server-Side Request Forgery Vulnerability in Mobile Security Framework by MobSF
CVE-2024-31215

4.3MEDIUM

Key Information:

Vendor

MobSF

Status
Mobile Security Framework
Vendor
CVE Published:
4 April 2024

What is CVE-2024-31215?

The Mobile Security Framework (MobSF) has been identified with a Server-Side Request Forgery (SSRF) vulnerability in its firebase database check logic. This vulnerability can be exploited by an attacker to trigger internal communications within the organization’s infrastructure when a malicious application is uploaded to the Static analyzer. These internal requests can compromise sensitive internal services and lead to further exploitation if left unaddressed. This issue has been remediated in version 3.9.8 of MobSF.

References

https://github.com/MobSF/Mobile-Security-Framework-MobSF/...
https://github.com/MobSF/Mobile-Security-Framework-MobSF/...
https://github.com/MobSF/Mobile-Security-Framework-MobSF/...

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

.