| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| The vulnerability of the Mobile Security Framework (MobSF), which involves redirecting URLs to unreliable websites, allows attackers to carry out phishing attacks using specially created malicious links. | 19 Aug 202400:00 | – | bdu_fstec | |
| CVE-2024-41955 | 31 Jul 202418:52 | – | circl | |
| Mobile Security Framework 安全漏洞 | 31 Jul 202400:00 | – | cnnvd | |
| CVE-2024-41955 | 31 Jul 202419:21 | – | cve | |
| CVE-2024-41955 Mobile Security Framework (MobSF) has an Open Redirect in Login Redirect | 31 Jul 202419:21 | – | cvelist | |
| EUVD-2024-2299 | 31 Jul 202419:21 | – | euvd | |
| MobSF vulnerable to Open Redirect in Login Redirect | 31 Jul 202420:54 | – | github | |
| CVE-2024-41955 | 31 Jul 202420:15 | – | nvd | |
| CVE-2024-41955 Mobile Security Framework (MobSF) has an Open Redirect in Login Redirect | 31 Jul 202419:21 | – | osv | |
| GHSA-8M9J-2F32-2VX4 MobSF vulnerable to Open Redirect in Login Redirect | 31 Jul 202420:54 | – | osv |
id: CVE-2024-41955
info:
name: Open Redirect in Login Redirect - MobSF
author: Farish
severity: medium
description: |
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view.
remediation: |
Update Mobile Security Framework (MobSF) to the latest version that includes the fix from commit fdaad81.
impact: |
An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks.
reference:
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/fdaad81314f393d324c1ede79627e9d47986c8c8
- https://nvd.nist.gov/vuln/detail/CVE-2024-41955
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41955
- https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-8m9j-2f32-2vx4
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N
cvss-score: 5.2
cve-id: CVE-2024-41955
cwe-id: CWE-601
epss-score: 0.00924
epss-percentile: 0.56055
metadata:
max-request: 1
verified: true
vendor: mobsf
product: mobsf
fofa-query: "MobSF"
tags: cve,cve2024,open-redirect,mobsf,authenticated,vuln
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
- |
POST /login/?next=//interact.sh HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
username={{username}}&password={{password}}
host-redirects: true
matchers:
- type: regex
part: header_2
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
# digest: 4a0a00473045022100b007a6b5a0e753fb2a5f71dd71124c4e8ecd9c767909f796263d42a3be1fa0ce02203f1c0c06d078bee3832e072872644f2440caa0e4713730684abf3468206963f5:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation