Insecure Cryptographic Signature Verification in /e/OS App Lounge Allows Installation of Malicious Applications
CVE-2021-43171 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response.
Learn more about our Cis Benchmark Audit For Server Software.