Candidate: CVE-2019-13033
PublicDate: 2020-06-18 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13033
 https://cisofy.com/security/cve/cve-2019-13033/
 https://github.com/CISOfy/lynis/commit/3b9eda53cc20e851c4456618f027bc9ea794ad30
Description:
 In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by
 looking at the process list when a data upload is being performed. This
 license can be used to upload data to a central Lynis server. Although no
 data can be extracted by knowing the license key, it may be possible to
 upload the data of additional scans.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [3.3 LOW]


Patches_lynis:
upstream_lynis: needs-triage
precise/esm_lynis: DNE
trusty_lynis: ignored (out of standard support)
trusty/esm_lynis: DNE
xenial_lynis: ignored (end of standard support, was needs-triage)
bionic_lynis: needs-triage
eoan_lynis: ignored (reached end-of-life)
focal_lynis: needs-triage
groovy_lynis: not-affected (3.0.0-1)
hirsute_lynis: not-affected (3.0.0-1)
impish_lynis: not-affected (3.0.0-1)
jammy_lynis: not-affected (3.0.0-1)
devel_lynis: not-affected (3.0.0-1)