CVE-2024-41955
Published 2024-07-31
Priority P4 (30) · medium · CVSS 3.1 base score 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS 0.92% (55.9th percentile)
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exists in the MobSF authentication view. Update to MobSF v4.0.5.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mobsf | mobile-security-framework-mobsf | < 4.0.5 | 4.0.5 |
| opensecurity | mobile_security_framework | < 4.0.5 | 4.0.5 |
GHSA
MobSF vulnerable to Open Redirect in Login Redirect
ghsa·2024-07-31
CVE-2024-41955 [MEDIUM] CWE-601 MobSF vulnerable to Open Redirect in Login Redirect
### Impact
An open redirect vulnerability (CWE-601) exists in the MobSF authentication view: the `next` query parameter of the login page is followed after sign-in without being restricted to the MobSF origin, so a protocol-relative value such as `//afine.com` lands the user on an external site once they have authenticated.
### PoC
1. Open http://127.0.0.1:8000/login/?next=//afine.com in a web browser.
2. Enter valid credentials and press "Sign In".
3. You are redirected to [afine.com](http://afine.com/).
Users who are not using authentication are not impacted.
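The following is an added example, not code from MobSF, from the advisory or from the fix commit. It contrasts a login view that trusts `?next=` verbatim (the behaviour the PoC above demonstrates) with one that only accepts a same-origin absolute path, and it covers the browser quirks that defeat naive "starts with /" checks: protocol-relative `//host`, three or more leading slashes, backslash treated as slash, a leading control character, and a scheme without a netloc (`http:host`). MobSF is a Django application, and Django ships `url_has_allowed_host_and_scheme` for exactly this purpose; the stdlib-only `is_local_path` below mirrors those checks so the example runs without Django. The function names, the `DEFAULT_LANDING` value of `/` and the sample inputs are assumptions constructed for the example; the check operates on the already URL-decoded query value, as a web framework hands it to the view.

```python
import unicodedata
from typing import Optional
from urllib.parse import urlsplit

# Hypothetical post-login landing page for this example (not a MobSF route).
DEFAULT_LANDING = "/"


def login_redirect_vulnerable(next_param: Optional[str]) -> str:
    """Redirect target chosen the way the PoC implies: ?next= is trusted verbatim.

    A request for /login/?next=//afine.com therefore produces a Location of
    //afine.com, which the browser resolves to http://afine.com/ after sign-in.
    """
    return next_param or DEFAULT_LANDING


def is_local_path(candidate: str) -> bool:
    """Return True only if `candidate` is an absolute path on the current origin.

    Each rejection below closes a known browser-side bypass of naive checks.
    """
    if not candidate:
        return False
    # Browsers skip leading C0 controls and whitespace, so "\t//evil" navigates
    # like "//evil". Refuse instead of stripping so the value cannot be laundered.
    if candidate[0].isspace() or unicodedata.category(candidate[0]).startswith("C"):
        return False
    # Chrome treats "\" as "/" in URLs, so test both spellings.
    for url in (candidate, candidate.replace("\\", "/")):
        # Protocol-relative (//host) and multi-slash (///host) forms are both
        # absolute URLs to a browser even though urlsplit may disagree.
        if url.startswith("//"):
            return False
        try:
            parts = urlsplit(url)
        except ValueError:  # e.g. malformed IPv6 literal
            return False
        # Any scheme (https:, javascript:, "http:host" without slashes) or any
        # netloc means the target is not on this origin.
        if parts.scheme or parts.netloc:
            return False
        # Require an absolute path so the redirect is not resolved relative to /login/.
        if not url.startswith("/"):
            return False
    return True


def login_redirect_hardened(next_param: Optional[str], default: str = DEFAULT_LANDING) -> str:
    """Honour ?next= only when it is a same-origin path; otherwise use `default`."""
    if next_param and is_local_path(next_param):
        return next_param
    return default


if __name__ == "__main__":
    # Constructed sample inputs: the PoC value from the advisory plus common
    # bypass spellings seen against open-redirect filters.
    samples = [
        "/recent_scans/?page=2", "//afine.com", "///afine.com", "/\\afine.com",
        "https://afine.com/", "http:afine.com", "\t//afine.com", "javascript:alert(1)",
    ]
    for s in samples:
        print(f"{s!r:26} vulnerable -> {login_redirect_vulnerable(s)!r:24} "
              f"hardened -> {login_redirect_hardened(s)!r}")
```

Running the block prints one line per sample; only `/recent_scans/?page=2` survives the hardened path, every other input falls back to `/`. Falling back to a fixed landing page rather than returning an error is deliberate: a login flow that rejects the request outright gives an attacker an oracle for probing the filter, while a silent fallback keeps the user on the site with no extra signal.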
### Patches
Update to MobSF v4.0.5.
### Workarounds
Disable authentication; deployments that do not use authentication are not affected.
### References
Fix: https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/fdaa
OSV
MobSF vulnerable to Open Redirect in Login Redirect
osv·2024-07-31
CVE-2024-41955 [MEDIUM] MobSF vulnerable to Open Redirect in Login Redirect
No detection rules found.
Nuclei
Open Redirect in Login Redirect - MobSF
nuclei·CVSS 5.4
CVE-2024-41955 [MEDIUM] Open Redirect in Login Redirect - MobSF
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exists in the MobSF authentication view.
Template:
id: CVE-2024-41955
info:
  name: Open Redirect in Login Redirect - MobSF
  author: Farish
  severity: medium
  description: |
    Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exists in the MobSF authentication view.
  remediation: |
    Update Mobile Security Framework (MobSF) to the latest version that includes the fix from commit fdaad81.
  impact: |
    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishi
No writeups or analysis indexed.
Published 2024-07-31