CVE-2019-13033

LOW

CISOfy Lynis 2.0.0-2.7.5 - Exposure of Sensitive Information via Process List

Title source: llm

Description

In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional scans.

References (4)

Core 4

Core References

Vendor Advisory x_refsource_confirm

https://cisofy.com/security/cve/cve-2019-13033/

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/06/msg00024.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDCHEKNR3HPJRNHE5PYKFH5GNBADTPA7/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBFHIX6RTHCK37FXMAAXP4KGAMLUFDUD/

Scores

CVSS v3 3.3

EPSS 0.0037

EPSS Percentile 28.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-200

Status published

Products (5)

cisofy/lynis 2.0.0 - 2.7.5

debian/debian_linux 8.0

debian/debian_linux 9.0

fedoraproject/fedora 30

fedoraproject/fedora 31

Published Jun 18, 2020

Tracked Since Feb 18, 2026