CVE-2024-8474 Information

Description

OpenVPN Connect before version 3.5.0 can contain the configuration profile’s clear-text private key which is logged in the application log which an unauthorized actor can use to decrypt the VPN traffic

Reference

https://openvpn.net/connect-docs/android-release-notes.html