{"id":"PYSEC-2023-310","details":"Mobile Security Framework (MobSF) \u003c=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server.","aliases":["CVE-2023-42261"],"modified":"2025-04-21T05:57:15.366091Z","published":"2023-09-21T22:15:11Z","references":[{"type":"REPORT","url":"https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1211"},{"type":"REPORT","url":"https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/748"},{"type":"EVIDENCE","url":"https://github.com/woshinibaba222/hack16/blob/main/Unauthorized%20Access%20to%20MobSF.md"},{"type":"FIX","url":"https://github.com/MobSF/Mobile-Security-Framework-MobSF/blob/abb47659a19ac772765934f184c65fe16cb3bee7/docker-compose.yml#L30-L31"}],"affected":[{"package":{"name":"mobsf","ecosystem":"PyPI","purl":"pkg:pypi/mobsf"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.9.7"}]}],"versions":["3.2.6","3.2.7","3.2.8","3.2.9","3.3.3","3.3.5","3.4.0","3.4.3","3.4.6","3.5.0","3.6.0","3.6.9","3.7.6"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/mobsf/PYSEC-2023-310.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}