cvedb.io
CVE-2024-39767
MEDIUM · CVSS 4.2
EPSS exploitation probability: 0%
Published 2024-07-15T09:15:02.573 · Last modified 2026-06-17T07:42:38.993

Summary

Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received for a server actually came from this server, which allows a malicious server to send push notifications with another server’s diagnostic ID or server URL and have them show up in mobile apps as that server’s push notifications.

Affected products

mattermost — mattermost_mobile

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.