Unrated severityNVD Advisory· Published Jul 15, 2024· Updated Aug 2, 2024

Spoofed push notifications from malicious server

CVE-2024-39767

Description

Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received for a server actually came from this serve that which allows a malicious server to send push notifications with another server’s diagnostic ID or server URL and have them show up in mobile apps as that server’s push notifications.

Affected products

Mattermost/Mattermostv5
Range: 0

Patches

850a3d5d2a97

https://github.com/mattermost/mattermost-mobilevia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

mattermost.com/security-updatesmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000