{"id":"CVE-2024-39767","details":"Mattermost Mobile Apps versions \u003c=2.16.0 fail to validate that the push notifications received for a server actually came from this serve that which allows a malicious server to send push notifications with another server’s diagnostic ID or server URL and have them show up in mobile apps as that server’s push notifications.","modified":"2026-03-14T12:34:51.256223Z","published":"2024-07-15T09:15:02.573Z","references":[{"type":"ADVISORY","url":"https://mattermost.com/security-updates"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mattermost/mattermost-mobile","events":[{"introduced":"0"},{"fixed":"850a3d5d2a9782f5e6c589ecca90a7cf01099534"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.17.0"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39767.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}