Description
Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received for a server actually came from this server, which allows a malicious server to send push notifications with another server’s diagnostic ID or server URL and have them show up in mobile apps as that server’s push notifications.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 2.17.0 (exclusive)
cpe:2.3:a:mattermost:mattermost_mobile:*:*:*:*:*:*:*:*
EPSS
Percentile: 33%
0.00129
Low
CVSS3: 4.2 Medium
CVSS3: 6.5 Medium
Weaknesses
CWE-287
Related vulnerabilities
CVSS3: 4.2
github
more than 1 year ago
Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received for a server actually came from this server, which allows a malicious server to send push notifications with another server’s diagnostic ID or server URL and have them show up in mobile apps as that server’s push notifications.