Hide Forgot
In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional scans. References: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDCHEKNR3HPJRNHE5PYKFH5GNBADTPA7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFHIX6RTHCK37FXMAAXP4KGAMLUFDUD/
Created lynis tracking bugs for this issue: Affects: epel-all [bug 1856743] Affects: fedora-all [bug 1856742]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.