Описание
The goTenna Pro ATAK Plugin does not encrypt callsigns in messages. It is advised to not use sensitive information in callsigns when using this and previous versions of the plugin. Update to current plugin version which uses AES-256 encryption for callsigns in encrypted operation
Ссылки
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.7 (исключая)
cpe:2.3:a:gotenna:gotenna:*:*:*:*:*:atak:*:*
EPSS
Процентиль: 6%
0.00025
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-319
Связанные уязвимости
CVSS3: 4.3
github
больше 1 года назад
The goTenna Pro ATAK Plugin does not encrypt the callsigns of its users. These callsigns reveal information about the users and can also be leveraged for other vulnerabilities.
EPSS
Процентиль: 6%
0.00025
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-319