CVE-2024-31215
Severity CVSS v4.0:
Pending analysis
Type:
CWE-918
Server-Side Request Forgery (SSRF)
Publication date:
04/04/2024
Last modified:
30/06/2025
Description
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile.<br />
A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When a malicious app is uploaded to Static analyzer, it is possible to make internal requests. This vulnerability has been patched in version 3.9.8.<br />
Impact
Base Score 3.x
6.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:opensecurity:mobile_security_framework:*:*:*:*:*:*:*:* | 3.9.8 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/43bb71d115d78c03faa82d75445dd908e9b32716
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2373
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wpff-wm84-x5cx
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/43bb71d115d78c03faa82d75445dd908e9b32716
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2373
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wpff-wm84-x5cx