CVE-2019-11492

ProjectSend before r1070 writes user passwords to the server logs.
Source: NIST
CVE-2019-11492