Source: lynis Version: 2.7.5-1 Severity: important Tags: security upstream Control: found -1 2.6.2-1 Control: found -1 2.4.0-1
Hi, The following vulnerability was published for lynis. CVE-2019-13033[0]: | In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by | looking at the process list when a data upload is being performed. | This license can be used to upload data to a central Lynis server. | Although no data can be extracted by knowing the license key, it may | be possible to upload the data of additional scans. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-13033 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13033 [1] https://cisofy.com/security/cve/cve-2019-13033/ [2] https://github.com/CISOfy/lynis/commit/3b9eda53cc20e851c4456618f027bc9ea794ad30 Please adjust the affected versions in the BTS as needed. Affected versions should be from 2.0.0 to 2.7.5. Regards, Salvatore