Server-Side Request Forgery Vulnerability in Mobile Security Framework by MobSF
CVE-2024-31215

Currently unrated

Key Information:

Vendor: MobSF
Status: Mobile Security Framework
Vendor: CVE Published:; 4 April 2024

What is CVE-2024-31215?

The Mobile Security Framework (MobSF) has been identified with a Server-Side Request Forgery (SSRF) vulnerability in its firebase database check logic. This vulnerability can be exploited by an attacker to trigger internal communications within the organization’s infrastructure when a malicious application is uploaded to the Static analyzer. These internal requests can compromise sensitive internal services and lead to further exploitation if left unaddressed. This issue has been remediated in version 3.9.8 of MobSF.

References

https://github.com/MobSF/Mobile-Security-Framework-MobSF/...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 4, 2024