CVE-2023-42261

Name of the Vulnerable Software and Affected Versions Mobile Security Framework (MobSF) versions <=3.7.8 Beta

Description The issue is related to Insecure Permissions. The vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could use a reverse proxy server.

Recommendations For Mobile Security Framework (MobSF) versions <=3.7.8 Beta, consider using a reverse proxy server to implement authentication, as the product itself does not have authentication implemented by design. At the moment, there is no information about a newer version that contains a fix for this vulnerability.