CVE-2024-41955 - Vulnerability Details - OpenCVE

Description

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. Update to MobSF v4.0.5.

Published: 2024-07-31

Score: 5.2 Medium

EPSS: 14.1% Moderate

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

MobSF

Mobile-Security-Framework-MobSF

affected

Version	Status	Constraints
`< 4.0.5`	affected	—

Configuration 1 [-]

cpe:2.3:a:opensecurity:mobile_security_framework:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-8m9j-2f32-2vx4	MobSF vulnerable to Open Redirect in Login Redirect

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.14051.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/fdaad81314f393d324c1ede79627e9d47986c8c8
https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-8m9j-2f32-2vx4

History

Thu, 15 Aug 2024 14:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Opensecurity Opensecurity mobile Security Framework
CPEs		cpe:2.3:a:opensecurity:mobile_security_framework::::::::
Vendors & Products		Opensecurity Opensecurity mobile Security Framework

Subscriptions

Opensecurity Mobile Security Framework

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-07-31T19:21:16.048Z

Updated: 2024-08-01T13:40:36.551Z

Reserved: 2024-07-24T16:51:40.949Z

Link: CVE-2024-41955

Vulnrichment

Updated: 2024-08-01T13:40:31.402Z

NVD

Status : Analyzed

Published: 2024-07-31T20:15:06.793

Modified: 2024-08-15T14:10:40.157

Link: CVE-2024-41955

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-601

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41955", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-07-24T16:51:40.949Z", "datePublished": "2024-07-31T19:21:16.048Z", "dateUpdated": "2024-08-01T13:40:36.551Z"}, "containers": {"cna": {"title": "Mobile Security Framework (MobSF) has an Open Redirect in Login Redirect", "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "lang": "en", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-8m9j-2f32-2vx4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-8m9j-2f32-2vx4"}, {"name": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/fdaad81314f393d324c1ede79627e9d47986c8c8", "tags": ["x_refsource_MISC"], "url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/fdaad81314f393d324c1ede79627e9d47986c8c8"}], "affected": [{"vendor": "MobSF", "product": "Mobile-Security-Framework-MobSF", "versions": [{"version": "< 4.0.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-31T19:21:16.048Z"}, "descriptions": [{"lang": "en", "value": "Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. Update to MobSF v4.0.5."}], "source": {"advisory": "GHSA-8m9j-2f32-2vx4", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T13:40:25.867626Z", "id": "CVE-2024-41955", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T13:40:36.551Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41955", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-01T13:40:25.867626Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T13:40:31.402Z"}}], "cna": {"title": "Mobile Security Framework (MobSF) has an Open Redirect in Login Redirect", "source": {"advisory": "GHSA-8m9j-2f32-2vx4", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "MobSF", "product": "Mobile-Security-Framework-MobSF", "versions": [{"status": "affected", "version": "< 4.0.5"}]}], "references": [{"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-8m9j-2f32-2vx4", "name": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-8m9j-2f32-2vx4", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/fdaad81314f393d324c1ede79627e9d47986c8c8", "name": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/fdaad81314f393d324c1ede79627e9d47986c8c8", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. Update to MobSF v4.0.5."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-31T19:21:16.048Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41955", "state": "PUBLISHED", "dateUpdated": "2024-08-01T13:40:36.551Z", "dateReserved": "2024-07-24T16:51:40.949Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-07-31T19:21:16.048Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensecurity:mobile_security_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "1379CCAF-9D62-4D48-869D-09D6FB3D4326", "versionEndExcluding": "4.0.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. Update to MobSF v4.0.5."}, {"lang": "es", "value": " Mobile Security Framework (MobSF) es una plataforma de investigaci\u00f3n de seguridad para aplicaciones m\u00f3viles en Android, iOS y Windows Mobile. Existe una vulnerabilidad de redireccionamiento abierto en la vista de autenticaci\u00f3n de MobSF. Actualizaci\u00f3n a MobSF v4.0.5."}], "id": "CVE-2024-41955", "lastModified": "2024-08-15T14:10:40.157", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-07-31T20:15:06.793", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/fdaad81314f393d324c1ede79627e9d47986c8c8"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-8m9j-2f32-2vx4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-601"}], "source": "security-advisories@github.com", "type": "Secondary"}]}