GHSA-cc8j-6phr-jv9x
Suggest an improvement- Source
- https://github.com/advisories/GHSA-cc8j-6phr-jv9x
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-cc8j-6phr-jv9x/GHSA-cc8j-6phr-jv9x.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-cc8j-6phr-jv9x
- Withdrawn
- 2025-04-10T14:29:56Z
- Published
- 2023-09-22T00:30:29Z
- Modified
- 2025-04-21T05:47:24.796875Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Withdrawn Advisory: Mobile Security Framework (MobSF) Vulnerable to Insecure Permissions
- Details
-
Withdrawn Advisory
This advisory has been withdrawn because the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server.
Original Description
Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions.
- Database specific
{ "nvd_published_at": "2023-09-21T22:15:11Z", "cwe_ids": [ "CWE-276" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2025-04-10T14:27:17Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-42261
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1211
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/748
- https://github.com/MobSF/Mobile-Security-Framework-MobSF
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/blob/abb47659a19ac772765934f184c65fe16cb3bee7/docker-compose.yml#L30-L31
- https://github.com/pypa/advisory-database/tree/main/vulns/mobsf/PYSEC-2023-310.yaml
- https://github.com/woshinibaba222/hack16/blob/main/Unauthorized%20Access%20to%20MobSF.md
Affected packages
PyPI / mobsf
Package
- Name
- mobsf
- View open source insights on deps.dev
- Purl
- pkg:pypi/mobsf