CVE-2024-29190

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Mar 22, 2024
Updated: Mar 25, 2024
CWE ID 918

Summary

CVE-2024-29190 is a vulnerability affecting Mobile Security Framework (MobSF) versions 3.9.5 Beta and prior. The issue lies in the lack of input validation during hostname extraction from `android:host`, allowing requests to be sent to local hostnames. An attacker can exploit this server-side request forgery vulnerability to make the server connect to internal-only services within the organization's infrastructure. This weakness was addressed in commit 5a8eeee73c5f504a6c3abdf2a139a13804efdb77 with a hotfix.
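As an added example (not MobSF's code and not the fix in the commit above), here is one way to validate hostnames taken from `android:host` before a server sends a request to them. The manifest, the DNS answers and all function names are constructed for the illustration.

```python
import ipaddress
import re
import socket
import xml.etree.ElementTree as ET

ANDROID_HOST = "{http://schemas.android.com/apk/res/android}host"
BARE_HOST = re.compile(r"[A-Za-z0-9.-]{1,253}")

# Constructed manifest and DNS answers for the demo (not from a real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
 <application><activity android:name=".Main"><intent-filter>
  <data android:scheme="https" android:host="app.example.test"/>
  <data android:scheme="https" android:host="intranet.example.test"/>
  <data android:scheme="https" android:host="127.0.0.1"/>
  <data android:scheme="https" android:host="169.254.169.254"/>
  <data android:scheme="https" android:host="10.0.0.5:8080/admin"/>
 </intent-filter></activity></application>
</manifest>"""
FAKE_DNS = {"app.example.test": ["8.8.8.8"],
            "intranet.example.test": ["8.8.8.8", "10.1.2.3"]}

def fake_resolve(host):
    # IP literals "resolve" to themselves, as getaddrinfo would return them.
    return FAKE_DNS.get(host, [host])

def system_resolve(host):
    return [ai[4][0] for ai in socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)]

def extract_hosts(manifest_xml):
    """Return every android:host value declared on a <data> element."""
    root = ET.fromstring(manifest_xml)
    return [el.get(ANDROID_HOST) for el in root.iter("data") if el.get(ANDROID_HOST)]

def is_safe_host(host, resolve=system_resolve):
    """True only if host is a bare name and every resolved address is public."""
    if not BARE_HOST.fullmatch(host):
        return False  # ports, paths, userinfo, IPv6 literals, wildcards
    try:
        addrs = [ipaddress.ip_address(a) for a in resolve(host)]
    except (OSError, ValueError):
        return False  # unresolvable or malformed answer: fail closed
    # Unwrap ::ffff:a.b.c.d so a mapped loopback address is not missed.
    addrs = [getattr(a, "ipv4_mapped", None) or a for a in addrs]
    return bool(addrs) and all(a.is_global for a in addrs)

def vet_manifest(manifest_xml, resolve=system_resolve):
    return {h: is_safe_host(h, resolve) for h in extract_hosts(manifest_xml)}

if __name__ == "__main__":
    for host, ok in vet_manifest(SAMPLE_MANIFEST, fake_resolve).items():
        print(("allow " if ok else "block ") + host)
```

A check like this only holds if the subsequent request connects to the address that was vetted and does not follow redirects to unvetted hosts.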
