CVE-2023-42261 – mobsf

Package

Manager: pip
Name: mobsf
Vulnerable Version: <0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: N/A

EPSS: 0.0016 pctl0.37428

Details

Withdrawn Advisory: Mobile Security Framework (MobSF) Vulnerable to Insecure Permissions ## Withdrawn Advisory This advisory has been withdrawn because the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server. ## Original Description Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions.

Metadata

Created: 2023-09-22T00:30:29Z
Modified: 2025-04-10T14:29:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-cc8j-6phr-jv9x/GHSA-cc8j-6phr-jv9x.json
CWE IDs: ["CWE-276"]
Alternative ID: GHSA-cc8j-6phr-jv9x
Finding: F164
Auto approve: 1