CVE-2024-39767

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jul 15, 2024

Updated: Jul 16, 2024

CWE ID 287

Summary

CVE-2024-39767 is a vulnerability affecting Mattermost Mobile Apps versions below 2.16.0. The issue lies in the failure to validate the authenticity of push notifications received for a server. As a result, a malicious server can spoof push notifications with another server's diagnostic ID or URL, causing these notifications to appear as legitimate alerts from the targeted server in users' mobile applications. This weakness poses a significant risk of misinformation and potential phishing attacks on unsuspecting users.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mattermost Mobile

Affected Vendors

Mattermost, Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/w82tsw
https://www.cve.org/CVERecord?id=CVE-2024-39767
https://nvd.nist.gov/vuln/detail/CVE-2024-39767

Back to Vulnerability Database