Vulnerability Description
Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on users' systems by altering the server's API response.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| E.Foundation | App Lounge | < 0.19q |
Related Weaknesses (CWE)
References
- https://gitlab.e.foundation/e/os/releases/-/releases/v0.19-q#sparkles-we-embedde (Release Notes)
- https://nervuri.net/e/apps (Third Party Advisory)
FAQ
What is CVE-2021-43171?
CVE-2021-43171 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applica...
How severe is CVE-2021-43171?
CVE-2021-43171 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-43171?
Check the references section above for vendor advisories and patch information. Affected products include: E.Foundation App Lounge.