Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Spoofed push notifications from malicious server
Vulnerability Description
Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received for a server actually came from this serve that which allows a malicious server to send push notifications with another server’s diagnostic ID or server URL and have them show up in mobile apps as that server’s push notifications.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L
Vulnerability Type
认证机制不恰当
Vulnerability Title
Mattermost Mobile Apps 安全漏洞
Vulnerability Description
Mattermost Mobile Apps是美国Mattermost公司的一款消息传递移动应用程序。 Mattermost Mobile Apps 2.16.0 版本及之前版本存在安全漏洞,该漏洞源于在接收推送通知时,没有验证这些通知是否确实来自它们所声称的服务器。
CVSS Information
N/A
Vulnerability Type
N/A