CVE-2024-45838

The goTenna Pro ATAK Plugin does not encrypt callsigns in messages. It is advised to not use sensitive information in callsigns when using this and previous versions of the plugin. Update to current plugin version which uses AES-256 encryption for callsigns in encrypted operation
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:gotenna:gotenna:*:*:*:*:*:atak:*:*

History

17 Oct 2024, 17:15

Type Values Removed Values Added
Summary (en) The goTenna Pro ATAK Plugin does not encrypt the callsigns of its users. These callsigns reveal information about the users and can also be leveraged for other vulnerabilities. (en) The goTenna Pro ATAK Plugin does not encrypt callsigns in messages. It is advised to not use sensitive information in callsigns when using this and previous versions of the plugin. Update to current plugin version which uses AES-256 encryption for callsigns in encrypted operation

07 Oct 2024, 18:59

Type Values Removed Values Added
CPE cpe:2.3:a:gotenna:gotenna:*:*:*:*:*:atak:*:*
First Time Gotenna
Gotenna gotenna
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05 - Third Party Advisory, US Government Resource

30 Sep 2024, 12:46

Type Values Removed Values Added
Summary
  • (es) El complemento ATAK de goTenna Pro no cifra los indicativos de sus usuarios. Estos indicativos revelan información sobre los usuarios y también pueden aprovecharse para otras vulnerabilidades.

26 Sep 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-26 18:15

Updated : 2024-10-17 17:15


NVD link : CVE-2024-45838

Mitre link : CVE-2024-45838

CVE.ORG link : CVE-2024-45838


JSON object : View

Products Affected

gotenna

  • gotenna
CWE
CWE-319

Cleartext Transmission of Sensitive Information