Lucene search

[email protected]CVE-2021-43171

HistoryAug 22, 2023 - 7:16 p.m.

CVE-2021-43171

2023-08-2219:16:21

CWE-347

[email protected]

web.nvd.nist.gov

cve-2021-43171

improper verification

cryptographic signatures

/e/os app store

remote attackers

malicious apps

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.2%

JSON

Improper verification of applications’ cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user’s systems by altering the server’s API response.

Affected configurations

NVD

Node

e.foundationapp_loungeRange<0.19qandroid

CPENameOperatorVersion
e.foundation:app_loungee.foundation app loungelt0.19q

CPE	Name	Operator	Version
e.foundation:app_lounge	e.foundation app lounge	lt	0.19q

References

gitlab.e.foundation/e/os/releases/-/releases/v0.19-q#sparkles-we-embedded-other-improvements

nervuri.net/e/apps

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.2%

JSON

Related for CVE-2021-43171

nvd1 prion1 osv1 cvelist1