cPanel has released its\u00a0Targeted Security Release to address security concerns with the cPanel product.\u00a0These updates are currently available to all customers via the standard update system.<\/p>\n
cPanel has rated this update as having a CVSSv3.1 score of\u00a03.9 to 5.3<\/strong>. For more information on ratings, please visit\u00a0our documentation<\/u><\/a>.<\/p>\n If you have disabled cPanel & WHM automatic updates, please update your cPanel & WHM installations at your earliest convenience.<\/p>\n If you have configured cPanel & WHM servers to automatically update, no action is required. Your servers have automatically been updated.<\/p>\n To avoid service interruptions, please ensure you are on one of the following secure versions:<\/p>\n Summary<\/strong><\/p>\n Boxtrapper runs with \/tmp as the working directory.<\/p>\n Security Rating<\/strong><\/p>\n cPanel has assigned this vulnerability a CVSSv3.1 score of 3.9 CVSS:3.1\/AV:L\/AC:H\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N<\/p>\n Description<\/strong><\/p>\n Boxtrapper is run with \/tmp as the working directory. In combination with the CVE-2021-36770 for Perl\u2019s Encode.pm<\/a>, it is possible for an attacker to execute arbitrary code as another user on the server.<\/p>\n Credits<\/strong><\/p>\n This issue was discovered by the cPanel Security Team.<\/p>\n Solution<\/strong><\/p>\n This issue is resolved in the following builds: Summary<\/strong><\/p>\n Reflected XSS Vulnerability in Legacy Login Page.<\/p>\n Security Rating<\/strong><\/p>\n cPanel has assigned this vulnerability a CVSSv3.1 score of 5.3 CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:N<\/p>\n Description<\/strong><\/p>\n Invalid UTF-8 characters could trigger cPanel to use the Legacy Login page. This page did not adequately encode output. This could allow for an attacker to inject arbitrary JavaScript code into the rendered page.<\/p>\n Credits<\/strong><\/p>\n This issue was discovered by Sh1yo.<\/p>\n Solution<\/strong><\/p>\n This issue is resolved in the following builds: For the latest information on cPanel & WHM releases, please visit our\u00a0cPanel Downloads<\/u><\/a>\u00a0page.<\/p>\n For more information on the cPanel & WHM Versions and Release Process, please refer to\u00a0our documentation<\/u><\/a>.<\/p>\nIs there any action required?<\/h2>\n
\n
Full Disclosure Details<\/h2>\n
SEC-595<\/h3>\n
\n11.98.0.8
\n11.94.0.16<\/p>\nSEC-596<\/h3>\n
\n11.98.0.8
\n11.94.0.16<\/p>\nAdditional Information<\/h2>\n