Описание
Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response.
Ссылки
- https://gitlab.e.foundation/e/os/releases/-/releases/v0.19-q#sparkles-we-embedded-other-improvementsRelease Notes
- Third Party Advisory
- https://gitlab.e.foundation/e/os/releases/-/releases/v0.19-q#sparkles-we-embedded-other-improvementsRelease Notes
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.19q (исключая)
cpe:2.3:a:e.foundation:app_lounge:*:*:*:*:*:android:*:*
EPSS
Процентиль: 16%
0.00051
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-347
Связанные уязвимости
CVSS3: 6.5
github
больше 2 лет назад
Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response.
EPSS
Процентиль: 16%
0.00051
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-347