CVE-2023-42261

{"id": "CVE-2023-42261", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-09-21T22:15:11.823", "references": [{"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/blob/abb47659a19ac772765934f184c65fe16cb3bee7/docker-compose.yml#L30-L31", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1211", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/748", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/woshinibaba222/hack16/blob/main/Unauthorized%20Access%20to%20MobSF.md", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server."}, {"lang": "es", "value": "** EN DISPUTA ** Mobile Security Framework (MobSF) &lt;=v3.7.8 Beta es vulnerable a permisos inseguros. NOTA: la posici\u00f3n del proveedor es que la autenticaci\u00f3n no se implementa intencionalmente porque el producto no est\u00e1 dise\u00f1ado para un entorno de red que no sea de confianza. Los casos de uso que requieran autenticaci\u00f3n podr\u00edan, por ejemplo, utilizar un servidor proxy inverso."}], "lastModified": "2024-05-17T02:28:50.363", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opensecurity:mobile_security_framework:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33891183-C56B-4054-8CC8-5AE4BF10C711", "versionEndIncluding": "3.7.6"}, {"criteria": "cpe:2.3:a:opensecurity:mobile_security_framework:3.7.8:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B56DF4FF-DDE6-493B-AD2D-90F6BB147E3B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}