Quack,

On 2020-06-20 03:34, Salvatore Bonaccorso wrote:

CVE-2019-13033[0]:
| In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by
| looking at the process list when a data upload is being performed.
| This license can be used to upload data to a central Lynis server.
| Although no data can be extracted by knowing the license key, it may
| be possible to upload the data of additional scans.

It should be possible to enable the license system on the packaged version, but it makes no sense to do so since you would end up quitting on all the extra tests that are not open-sourced (only in the enterprise version). The central server also is not packaged for this reason. That is to say, I believe this bug can completely be ignored.

Regards.
\_o<

--
Marc Dequènes
