Withdrawn Advisory: Mobile Security Framework (MobSF) Vulnerable to Insecure Permissions

GHSA-cc8j-6phr-jv9x · CVE-2023-42261 · PYSEC-2023-310

Published Sep 22, 2023 · Modified Jun 10, 2026

Description

Withdrawn Advisory

This advisory has been withdrawn because the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server.

Original Description

Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-42261
WEB https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1211
WEB https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/748
PACKAGE https://github.com/MobSF/Mobile-Security-Framework-MobSF
WEB https://github.com/MobSF/Mobile-Security-Framework-MobSF/blob/abb47659a19ac772765934f184c65fe16cb3bee7/docker-compose.yml#L30-L31
WEB https://github.com/pypa/advisory-database/tree/main/vulns/mobsf/PYSEC-2023-310.yaml
WEB https://github.com/woshinibaba222/hack16/blob/main/Unauthorized%20Access%20to%20MobSF.md

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes