CVE-2021-43171

EUVD-2021-30118
Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Common Weakness Enumeration
References
https://gitlab.e.foundation/e/os/releases/-/releases/v0.19-q#sparkles-we-embedded-other-improvements
https://nervuri.net/e/apps
https://gitlab.e.foundation/e/os/releases/-/releases/v0.19-q#sparkles-we-embedded-other-improvements
https://nervuri.net/e/apps