CVE-2019-13033

Public on 2020-08-26
Modified on 2020-08-31
Description
In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional scans.
Severity
Low
CVSS v3 Base Score
3.3
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 lynis 2020-08-26 23:09 ALAS-2020-1419

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N
Amazon Linux CVSSv3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
NVD CVSSv2 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N
NVD CVSSv3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N