CVE-2024-39767

4.2 MEDIUM

📋 TL;DR

Mattermost mobile apps up to and including version 2.16.0 do not properly validate the origin of push notifications, so a malicious or compromised Mattermost server that a user has added to the app can send notifications that appear to come from a different, legitimate server. This affects Android and iOS app users who connect to such a server; the web and desktop clients are not affected.

💻 Affected Systems

Products:
  • Mattermost Mobile App
Versions: <= 2.16.0
Operating Systems: Android, iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only the mobile apps are affected, not the web or desktop clients. Exploitation requires the user to be running an affected app version and to have connected the app to the attacker-controlled server.

📦 What is this software?

Mattermost is an open-source, self-hostable team messaging platform (channels, direct messages, file sharing) with web, desktop and mobile clients. The Android and iOS apps can be connected to one or more Mattermost servers at once and receive push notifications on behalf of each of them.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could send deceptive push notifications that appear to come from a server the user trusts, tricking the user into revealing credentials or performing unauthorized actions.

🟠 Likely Case

Users receive misleading notifications attributed to the wrong server, causing confusion and possible information disclosure through social engineering.

🟢 If Mitigated

With proper origin validation, a notification is only shown as coming from a server if it actually came from that server, so a malicious server cannot impersonate a legitimate one and notification integrity is preserved.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires an attacker-controlled or compromised Mattermost server that the victim has added to the mobile app. Exploitation then depends on social engineering: the spoofed notification only causes harm if the user acts on it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.16.1

Vendor Advisory: https://mattermost.com/security-updates

Restart Required: Yes

Instructions:

1. Update the Mattermost mobile app to version 2.16.1 or later from the official app store (Google Play or the Apple App Store).
2. Restart the mobile app after the update.
3. Verify the update was successful by checking the app version in the settings.

🔧 Temporary Workarounds

Disable Push Notifications (all platforms)

Temporarily disable push notifications in the Mattermost mobile app settings so that spoofed notifications are not delivered. This also suppresses legitimate notifications and does not address the underlying validation flaw; treat it as a stopgap until 2.16.1 or later is installed.

Open Mattermost app > Settings > Notifications > Push Notifications > Turn Off

🧯 If You Can't Patch

  • Remove from the app any Mattermost server the organisation does not operate or trust, and do not add new ones: the attack requires the user to have connected the app to an attacker-controlled server
  • Educate users to be cautious of unexpected push notifications and to verify the server URL before acting on them
  • Monitor for user reports of suspicious notifications; the legitimate server's logs will not contain notifications that a malicious server generated

🔍 How to Verify

Check if Vulnerable:

Check the Mattermost mobile app version in the app settings. If the version is 2.16.0 or earlier, the app is vulnerable. Compare version numbers numerically, not as strings: 2.9.x is older than 2.16.0 and is also affected.

Check Version:

Open Mattermost app > Settings > About > Version

Verify Fix Applied:

Verify the app version is 2.16.1 or later in the app settings after updating.
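Checking one device by hand does not scale to a fleet. The following is an added example (not code from the Mattermost project or from this advisory) that reads an MDM or app-inventory export and flags every Mattermost mobile install at or below 2.16.0. It assumes a CSV export with the columns `device,app_id,version`; the bundle identifiers in `MATTERMOST_IDS` and the inventory rows below are assumptions constructed for the example and should be replaced with the values your MDM actually reports.

```python
"""Fleet-wide check for CVE-2024-39767: flag Mattermost mobile installs <= 2.16.0."""
import csv
import io
import re

# First fixed release named in the advisory.
FIXED_VERSION = (2, 16, 1)

# App identifiers to match. These are assumptions for the example; use the
# identifiers your MDM reports for the official Mattermost apps.
MATTERMOST_IDS = {"com.mattermost.rn", "com.mattermost.rnbeta"}

# Constructed sample inventory export (not real data). Note the 2.9.3 row:
# a naive string comparison would treat "2.9.3" as newer than "2.16.0".
SAMPLE_INVENTORY = """device,app_id,version
ios-0012,com.mattermost.rn,2.16.1
and-0034,com.mattermost.rn,2.16.0
and-0035,com.mattermost.rn,2.9.3
ios-0040,com.mattermost.rn,2.17.0 (2255)
and-0041,com.slack.android,4.0.1
ios-0042,com.mattermost.rn,
"""


def parse_version(text):
    """Extract the first dotted x.y.z version from text as a tuple of ints.

    Handles build suffixes such as '2.17.0 (2255)'. Returns None when no
    numeric version is present (empty or malformed inventory field)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text or "")
    if not m:
        return None
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version_text):
    """True when the reported version is below the fixed 2.16.1.

    An unparseable version is reported as vulnerable so that it is
    followed up rather than silently passed."""
    version = parse_version(version_text)
    if version is None:
        return True
    return version < FIXED_VERSION


def find_vulnerable_devices(inventory_csv, app_ids=MATTERMOST_IDS):
    """Return a sorted list of (device, version) for Mattermost installs
    that still need updating, ignoring rows for other apps."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    hits = []
    for row in reader:
        if row["app_id"] not in app_ids:
            continue
        if is_vulnerable(row["version"]):
            hits.append((row["device"], row["version"]))
    return sorted(hits)


if __name__ == "__main__":
    for device, version in find_vulnerable_devices(SAMPLE_INVENTORY):
        shown = version if version else "(no version reported)"
        print(f"{device}: Mattermost {shown} needs update to 2.16.1 or later")
```

Feed the real export into `find_vulnerable_devices` in place of `SAMPLE_INVENTORY`; rows whose version field is empty are deliberately flagged, since an unverified install is not a verified fix.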

📡 Detection & Monitoring

Log Indicators:

  • A spoofed notification is generated by the malicious server, so the impersonated (legitimate) server's logs contain no record of sending it. A user-reported notification with no matching server-side event is itself the indicator.
  • Notifications that reference a server URL the organisation does not operate.

Network Indicators:

  • Device or MDM network logs showing the Mattermost mobile app connecting to server hostnames outside the organisation's approved list.

SIEM Query:

There is no reliable server-side log signature for this issue, because the spoofed notification never passes through the legitimate server. Where helpdesk or ticketing data is ingested into the SIEM, search it for reports such as 'unexpected notification', 'spoofed notification' or 'wrong server', and correlate the reporting users against MDM inventory showing Mattermost mobile app versions of 2.16.0 or earlier.
