Vulnerability Description
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When a malicious app is uploaded to Static analyzer, it is possible to make internal requests. This vulnerability has been patched in version 3.9.8.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensecurity | Mobile Security Framework | < 3.9.8 |
Related Weaknesses (CWE)
References
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/43bb71d115d78c03Patch
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2373Issue TrackingPatch
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSVendor Advisory
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/43bb71d115d78c03Patch
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2373Issue TrackingPatch
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSVendor Advisory
FAQ
What is CVE-2024-31215?
CVE-2024-31215 is a vulnerability with a CVSS score of 6.3 (MEDIUM). Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can ca...
How severe is CVE-2024-31215?
CVE-2024-31215 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-31215?
Check the references section above for vendor advisories and patch information. Affected products include: Opensecurity Mobile Security Framework.