CVE-2024-31215: Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check
What kind of vulnerability is it? Who is impacted? SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When malicious app is uploaded to Static analyzer, it is possible to make internal requests.
Credits: Oleg Surnin (Positive Technologies).
References
- github.com/MobSF/Mobile-Security-Framework-MobSF
- github.com/MobSF/Mobile-Security-Framework-MobSF/commit/43bb71d115d78c03faa82d75445dd908e9b32716
- github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2373
- github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wpff-wm84-x5cx
- github.com/advisories/GHSA-wpff-wm84-x5cx
- nvd.nist.gov/vuln/detail/CVE-2024-31215
Code Behaviors & Features
Detect and mitigate CVE-2024-31215 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →