CVE-2023-42261 (mobile_security_framework)

** DISPUTED ** Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example, use a reverse proxy server.

authentication beta cases cve environment framework insecure mobile mobile security network permissions product proxy proxy server reverse reverse proxy security security framework server untrusted use cases vendor vulnerable