cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.<\/p>\n
SEC-594<\/strong><\/p>\n Summary<\/p>\n Avoid usage of predictable PostgreSQL socket in \/tmp.<\/p>\n Security Rating<\/p>\n cPanel has assigned this vulnerability a CVSSv3.1 score of 5.6 CVSS:3.1\/AV:L\/AC:H\/PR:L\/UI:N\/S:C\/C:N\/I:H\/A:N<\/p>\n Description<\/p>\n When installed, PostgreSQL uses a predictable socket in \/tmp. It is possible for an unprivileged user to replace this socket with a socket to a process that they control.<\/p>\n Credits<\/p>\n This issue was discovered by the cPanel Security Team.<\/p>\n Solution<\/p>\n This issue is resolved in the following builds: SEC-607<\/strong><\/p>\n Summary<\/p>\n Disable liveAPI system for accounts in demo mode.<\/p>\n Security Rating<\/p>\n cPanel has assigned this vulnerability a CVSSv3.1 score of 6.8 CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:C\/C:N\/I:H\/A:N<\/p>\n Description<\/p>\n It is possible for arbitrary code to be executed via the liveAPI system when an account is in demo mode.<\/p>\n Credits<\/p>\n This issue was discovered by John Lightsey.<\/p>\n Solution<\/p>\n This issue is resolved in the following builds: SEC-610<\/strong><\/p>\n Summary<\/p>\n Escapes alert messages on manage git repo page.<\/p>\n Security Rating<\/p>\n cPanel has assigned this vulnerability a CVSSv3.1 score of 2.6 CVSS:3.1\/AV:N\/AC:H\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N<\/p>\n Description<\/p>\n If an alert message on the manage repo page had a string wrapped with < >, the alert would render it as an HTML element. This message is now properly escaped and shows as plain text.<\/p>\n Credits<\/p>\n This issue was discovered by the cPanel Security Team.<\/p>\n Solution<\/p>\n This issue is resolved in the following builds: SEC-613<\/strong><\/p>\n Summary<\/p>\n Ensure privilege check also covers reseller without domain creation.<\/p>\n Security Rating<\/p>\n cPanel has assigned this vulnerability a CVSSv3.1 score of Sev-D<\/p>\n Description<\/p>\n Account creation requires root privileges to specify certain options, including homedir. The code branch to create a reseller without a domain was being invoked before this check. By placing the check before it, we can ensure that it covers the case where we are creating a reseller without a domain. Allowing a non-root reseller to specify an arbitrary home directory such as \/usr\/local\/cpanel\/Cpanel\/Admin\/Modules can allow them to stage perl modules of their own for execution as root.<\/p>\n Credits<\/p>\n This issue was discovered by John Lightsey.<\/p>\n Solution<\/p>\n This issue is resolved in the following builds: SEC-615<\/strong><\/p>\n Summary<\/p>\n Failed linked node account creation leaves account on mail node.<\/p>\n Security Rating<\/p>\n cPanel has assigned this vulnerability a CVSSv3.1 score of 3.0 CVSS3.1AV:N\/AC:H\/PR:H\/UI:N\/S:C\/C:N\/I:L\/A:N<\/p>\n Description<\/p>\n When creating an account with a linked mail node, the account is created on the mail node before it is created on the control node and before all validation checks are complete. This can lead to the account failing to create on the control node after it has been created on the mail node.<\/p>\n Credits<\/p>\n This issue was discovered by John Lightsey.<\/p>\n Solution<\/p>\n This issue is resolved in the following builds: SEC-617<\/strong><\/p>\n Summary<\/p>\n Demo mode status does not propagate to child nodes.<\/p>\n Security Rating<\/p>\n cPanel has assigned this vulnerability a CVSSv3.1 score of 2.6 CVSS3.1AV:N\/AC:H\/PR:H\/UI:R\/S:C\/C:N\/I:L\/A:N<\/p>\n Description<\/p>\n Enabling demo mode on an account that is linked to a child node does not propagate the status to the child node. This allowed an ftp user to make changes on the child node that could lead to remote code execution.<\/p>\n Credits<\/p>\n This issue was discovered by John Lightsey.<\/p>\n Solution<\/p>\n This issue is resolved in the following builds: SEC-619<\/strong><\/p>\n Summary<\/p>\n Variables::get_user_information UAPI call could reveal sensitive information.<\/p>\n Security Rating<\/p>\n cPanel has assigned this vulnerability a CVSSv3.1 score of 4.3 CVSS3.1AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N<\/p>\n Description<\/p>\n The Variables::get_user_information UAPI call could reveal the cPanel API token for a linked cPanel account in plain text<\/p>\n Credits<\/p>\n This issue was discovered by John Lightsey.<\/p>\n Solution<\/p>\n This issue is resolved in the following builds: SEC-620<\/strong><\/p>\n Summary<\/p>\n cPanel account takeover via API2 savecontactinfo.<\/p>\n Security Rating<\/p>\n cPanel has assigned this vulnerability a CVSSv3.1 score of 9.6 CVSS3.1AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:N<\/p>\n Description<\/p>\n The CustInfo::savecontactinfo is available to webmail users but it takes a username argument that allows a webmail user to change the contact information for accounts that it should not have access to. This allowed a webmail user to change the contact email for the main cPanel account. With this, the webmail user could then reset the password for the cPanel account and thus gain access to it.<\/p>\n Credits<\/p>\n This issue was discovered by John Lightsey.<\/p>\n Solution<\/p>\n This issue is resolved in the following builds: SEC-621<\/strong><\/p>\n Summary<\/p>\n Sensitive information revealed by CustInfo::* API calls.<\/p>\n Security Rating<\/p>\n cPanel has assigned this vulnerability a CVSSv3.1 score of 4.3 CVSS3.1AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N<\/p>\n Description<\/p>\n It was possible for a webmail user to provide a username argument to the CustInfo::contactprefs and CustInfo::displaycontactinfo API calls allowing the webmail user to obtain sensitive information belonging to other webmail users and the cPanel account.<\/p>\n Credits<\/p>\n This issue was discovered by John Lightsey.<\/p>\n Solution<\/p>\n This issue is resolved in the following builds: SEC-622<\/strong><\/p>\n Summary<\/p>\n Fix reseller ACL restriction bypass for linked nodes.<\/p>\n Security Rating<\/p>\n cPanel has assigned this vulnerability a CVSSv3.1 score of 2.2 CVSS3.1AV:N\/AC:H\/PR:H\/UI:N\/S:U\/C:N\/I:L\/A:N<\/p>\n Description<\/p>\n When creating or editing a package adjustments to the package settings are made based on the package owner\u2019s privileges. In a linked node setting, the command to create\/edit the package is run as root so those adjustments do not get made. Save and reload the package locally so all the ACL-based adjustments can be made to the settings before sending them onto the remote nodes.<\/p>\n Credits<\/p>\n This issue was discovered by John Lightsey.<\/p>\n Solution<\/p>\n This issue is resolved in the following builds: SEC-624<\/strong><\/p>\n Summary<\/p>\n root privilege escalation via passengerapps REGISTER_APPLICATION call.<\/p>\n Security Rating<\/p>\n cPanel has assigned this vulnerability a CVSSv3.1 score of 7.6 CVSS:3.1AV:N\/AC:H\/PR:H\/UI:R\/S:C\/C:H\/I:H\/A:H<\/p>\n Description<\/p>\n When registering a passenger application, it is possible to gain root privileges by registering an application with a script posing as a node\/python\/ruby interpreter in the attackers home directory. This fixes that by restricting the interpreters to either the system binaries or one provided by an EasyApache package.<\/p>\n Credits<\/p>\n This issue was discovered by John Lightsey.<\/p>\n Solution<\/p>\n This issue is resolved in the following builds: SEC-625<\/strong><\/p>\n Summary<\/p>\n Sanitizes domain name on manage dns zones page.<\/p>\n Security Rating<\/p>\n cPanel has assigned this vulnerability a CVSSv3.1 score of 2.5 CVSS:3.1AV:L\/AC:H\/PR:H\/UI:R\/S:U\/C:N\/I:L\/A:N<\/p>\n Description<\/p>\n Prevents XSS attack using lodash when using the manage dns zones page<\/p>\n Credits<\/p>\n This issue was discovered by John Lightsey.<\/p>\n Solution<\/p>\n This issue is resolved in the following builds: For the PGP-Signed message please see\u00a0the linked document below.<\/p>\n","protected":false},"excerpt":{"rendered":" cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. SEC-594 Summary Avoid usage of predictable PostgreSQL socket in \/tmp. Security Rating cPanel has assigned this vulnerability …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[],"class_list":["post-20983","post","type-post","status-publish","format-standard","hentry","category-cpanel-news"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/20983","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=20983"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/20983\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=20983"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=20983"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=20983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n11.94.0.23
\n11.102.0.5
\n11.100.0.10<\/p>\n
\n11.94.0.23
\n11.102.0.5
\n11.100.0.10<\/p>\n
\n11.94.0.23
\n11.102.0.5
\n11.100.0.10<\/p>\n
\n11.102.0.5
\n11.100.0.10<\/p>\n
\n11.94.0.23
\n11.102.0.5
\n11.100.0.10<\/p>\n
\n11.94.0.23
\n11.102.0.5
\n11.100.0.10<\/p>\n
\n11.94.0.23
\n11.102.0.5
\n11.100.0.10<\/p>\n
\n11.94.0.23
\n11.102.0.5
\n11.100.0.10<\/p>\n
\n11.94.0.23
\n11.102.0.5
\n11.100.0.10<\/p>\n
\n11.94.0.23
\n11.102.0.5
\n11.100.0.10<\/p>\n
\n11.94.0.23
\n11.102.0.5
\n11.100.0.10<\/p>\n
\n11.94.0.23
\n11.102.0.5
\n11.100.0.10<\/p>\n