← back
CVE-2024-41955

Mobile Security Framework (MobSF) has an Open Redirect in Login Redirect

CVSS 5.2 MEDIUMEPSS 0.9%CWE-601
Vexday Risk Score
28Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 5.2EPSS 0.9%KEV nãoPoC Nuclei simMetasploit Patch
Lifecycle
31 Jul 2024Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. Update to MobSF v4.0.5.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N
Affected products
MobSF · Mobile-Security-Framework-MobSF

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/fdaad81314f393d324c1ede79627e9d47986c8c8https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-8m9j-2f32-2vx4