Openvpn: >> Connect >> 3.3.7.2979 Security Vulnerabilities
The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRON_RUN_AS_NODE environment variable
CVSS Score
7.8
EPSS Score
0.002
Published
2024-02-20
OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials
CVSS Score
5.9
EPSS Score
0.001
Published
2023-10-17