CVE-2021-43171

Published: Aug 22, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response.

Affected (1)

Products: E.foundation: App Lounge

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
E.foundation App Lounge	Before 0.19q

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (4)

https://gitlab.e.foundation/e/os/releases/-/releases/v0.19-q#sparkles-we-embedded-other-improvements

Source: cve@mitre.org

Release Notes

https://nervuri.net/e/apps

Source: cve@mitre.org

Third Party Advisory

https://gitlab.e.foundation/e/os/releases/-/releases/v0.19-q#sparkles-we-embedded-other-improvements

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://nervuri.net/e/apps

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.