Veracode Vulnerability DatabaseVERACODE:46032Server Side Request Forgery (SSRF)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
26.4%
mobsfscan is vulnerable to Server Side Request Forgery. The vulnerability due to inadequate input validation when extracting the android:host hostname attribute within the AndroidManifest.xml file, allowing attackers to manipulate requests and potentially make connections to internal-only services within an organization’s infrastructure.
References
drive.google.com/file/d/1nbKMd2sKosbJef5Mh4DxjcHcQ8Hw0BNR/view?usp=share_link
github.com/MobSF/Mobile-Security-Framework-MobSF/commit/5a8eeee73c5f504a6c3abdf2a139a13804efdb77
github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wfgj-wrgh-h3r3
github.com/MobSF/mobsfscan/commit/61fd40b477bbf9d204eb8c5a83a86c396d839798
github.com/MobSF/mobsfscan/commit/cd01b71770a6e56c1c71b0e5f454e7b6c9c64ef4
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
26.4%