cbcvebase.
CVE-2023-42261
published 2023-09-21

CVE-2023-42261: Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not…

PriorityP345high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.69%
48.2th percentile
Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server.

Affected

2 ranges
VendorProductVersion rangeFixed in
opensecuritymobile_security_framework<= 3.7.6
opensecuritymobile_security_framework
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.