{"id":3183,"date":"2018-03-21T20:05:31","date_gmt":"2018-03-21T17:05:31","guid":{"rendered":"http:\/\/news.cpanel.com\/?p=54673"},"modified":"2018-03-21T20:05:31","modified_gmt":"2018-03-21T17:05:31","slug":"cpanel-tsr-2018-0002-full-disclosure","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cpanel-tsr-2018-0002-full-disclosure\/","title":{"rendered":"cPanel TSR-2018-0002 Full Disclosure"},"content":{"rendered":"
\"\"<\/div>\n

cPanel TSR-2018-0002 Full Disclosure<\/strong><\/p>\n

SEC-338<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Arbitrary file chmod during legacy incremental backups.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 7.5 CVSS:3.0\/AV:L\/AC:H\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:N<\/p>\n

Description<\/strong><\/p>\n

It was possible for a user to prepare their home directory in a way that after a series of incremental backups they could chmod arbitrary files on the system.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-357<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Self-XSS in WHM cPAddons showsecurity Interface.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 4.7 CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N<\/p>\n

Description<\/strong><\/p>\n

The addon parameter to the cPAddons showsecurity interface is not adequately encoded when included in the final rendered page. This allowed for arbitrary scripts to be injected into the rendered page.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33<\/p>\n

SEC-359<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Code execution via \u2018.\u2019 in @INC during perl syntax check of cpaddonsup.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 7.6 CVSS:3.0\/AV:N\/AC:H\/PR:H\/UI:R\/S:C\/C:H\/I:H\/A:H<\/p>\n

Description<\/strong><\/p>\n

The syntax check performed during \/scripts\/cpaddonsup did not use the fully qualified path to the cPanel distributed perl interpreter. This could allow an attacker to execute arbitrary code if root executed this script in a user controlled directory.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-362<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Demo account code execution via awstats.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 7.4 CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:L\/A:L<\/p>\n

Description<\/strong><\/p>\n

The awstats application can be abused to execute arbitrary code on the server. This can be used by demo accounts to execute arbitrary code.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-364<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Root accesshash revealed by WHM \/cgi\/trustclustermaster.cgi.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 5.4 CVSS:3.0\/AV:N\/AC:H\/PR:H\/UI:R\/S:C\/C:H\/I:N\/A:N<\/p>\n

Description<\/strong><\/p>\n

A logic error in \/cgi\/trustclustermaster.cgi potentially exposed root\u2019s accesshash when executed by a reseller with the DNS Clustering ACL.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-368<\/strong><\/p>\n

Summary<\/strong><\/p>\n

OpenID providers can inject arbitrary data into cPanel session files.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 6.4 CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:R\/S:U\/C:H\/I:H\/A:N<\/p>\n

Description<\/strong><\/p>\n

cPanel session files are not capable of handling values including newlines. When linking accounts, OpenID Connect provider data is directly passed from the remote provider into the session. If this data includes a newline, it is possible to corrupt the session, allowing login to non-linked accounts.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-369<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Stored XSS in WHM Edit DNS Zone.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 4.6 CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N<\/p>\n

Description<\/strong><\/p>\n

When saving a modified DNS zone, the MX records are parsed in order to reconfigure mail routing. This parsing process is not correct and processes non-MX records by mistake. This in combination with insufficient encoding of output error messages allowed for an attacker to inject arbitrary code into the rendered page when a DNS zone is saved.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-370<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Stored XSS in WHM Edit MX Entry.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 4.6 CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N<\/p>\n

Description<\/strong><\/p>\n

When saving a modified MX record, the MX records are parsed in order to reconfigure mail routing. This parsing process is not correct and processes non-MX records by mistake. This in combination with insufficient encoding of output error messages allowed for an attacker to inject arbitrary code into the rendered page when a MX record is saved.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-372<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Remote Stored XSS in WHM DNS Cluster.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 4.7 CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N<\/p>\n

Description<\/strong><\/p>\n

When viewing the list of currently configured DNS Cluster server members, the server version did not perform context appropriate escaping. This could allow an attacker to execute arbitrary code in the rendered page.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-373<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Remote Stored XSS in WHM Create Account.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 4.7 CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N<\/p>\n

Description<\/strong><\/p>\n

When creating an account while an attacker controlled DNS cluster server is configured, messages passed back from DNS Admin did not apply context appropriate escaping. This allowed arbitrary code to be injected into the rendered page.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-374<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Remote Stored XSS in WHM Edit DNS Zone.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 4.7 CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N<\/p>\n

Description<\/strong><\/p>\n

When editing DNS zones while an attacker controlled DNS cluster server is configured, messages passed back from DNS Admin did not apply context appropriate escaping. This allowed arbitrary code to be injected into the rendered page.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-375<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Remote Stored XSS in WHM Delete a DNS Zone.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 4.7 CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N<\/p>\n

Description<\/strong><\/p>\n

When deleting DNS zones while an attacker controlled DNS cluster server is configured, messages passed back from DNS Admin did not apply context appropriate escaping. This allowed arbitrary code to be injected into the rendered page.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-376<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Remote Stored XSS in WHM DNS Cleanup.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 4.7 CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N<\/p>\n

Description<\/strong><\/p>\n

When cleaning up DNS zones while an attacker controlled DNS cluster server is configured, messages passed back from DNS Admin did not apply context appropriate escaping. This allowed arbitrary code to be injected into the rendered page.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-377<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Remote Stored XSS in WHM Synchronize DNS Records.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 4.7 CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N<\/p>\n

Description<\/strong><\/p>\n

When syncing DNS zones while an attacker controlled DNS cluster server is configured, messages passed back from DNS Admin did not apply context appropriate escaping. This allowed arbitrary code to be injected into the rendered page.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-378<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Arbitrary file read and unlink via WHM style uploads.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 7.6 CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:L\/A:N<\/p>\n

Description<\/strong><\/p>\n

A logic error in the handling of file uploads allowed attackers with the \u201cmanage-styles\u201d ACL to read or unlink any file on the server with root\u2019s effective permissions.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-379<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Local privilege escalation via WHM Legacy Language File Upload interface.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 8.2 CVSS:3.0\/AV:L\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H<\/p>\n

Description<\/strong><\/p>\n

A logic error in the handling of file uploads allowed attackers with the \u201clocale-edit\u201d ACL to read, write and chmod files with root\u2019s effective permissions. A local attacker could misuse this behavior to run arbitrary code at the root user.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-380<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Local privilege escalation via WHM Locale XML Upload interface.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 8.2 CVSS:3.0\/AV:L\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H<\/p>\n

Description<\/strong><\/p>\n

A logic error in the handling of file uploads allowed attackers with the \u201clocale-edit\u201d ACL to read, write and chmod files with root\u2019s effective permissions. A local attacker could misuse this behavior to run arbitrary code at the root user.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-382<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Jailshell breakout via incorrect crontab parsing.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 3.8 CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:N\/A:N<\/p>\n

Description<\/strong><\/p>\n

There was a mismatch between what the crontab daemon considers whitespace versus the validation applied against new cron entries. This allowed for an attacker to set entries to be run by an arbitrary shell resulting in escape from jailshell.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-391<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Remote Stored XSS in cpaddons vendor interface.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 4.7 CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N<\/p>\n

Description<\/strong><\/p>\n

When adding a 3rd party vendor to the cpaddons interface, the output was not properly escaped. This allowed remotely stored malicious files to execute arbitrary code in the rendered page.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-392<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Open redirect via \/unprotected\/redirect.html endpoint.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 4.7 CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:N\/I:L\/A:N<\/p>\n

Description<\/strong><\/p>\n

The redirect script present at \/unprotected\/redirect.html does not adequately validate the redirect path parameter. This allowed for a redirect to arbitrary URLs.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by Georgi Vasilev of siteground.com.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-401<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Htaccess restrictions bypass when \u201cHtaccess Optimization\u201d enabled.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 6.5 CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N<\/p>\n

Description<\/strong><\/p>\n

The \u201cHtaccess Optimization\u201d functionality introduced in cPanel & WHM version 66 allowed the bypassing of account suspensions and .htaccess based access controls with some configurations. This funtionality has been disabled and will be replaced with an alternative optimization method in a future update.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33<\/p>\n

SEC-405<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Demo account code execution via cPanel Landing Page.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 7.4 CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:L\/A:L<\/p>\n

Description<\/strong><\/p>\n

The app_name parameter used in the cPanel Landing Page template could be abused to additionally process a template controlled by a cPanel user. This can be used by demo accounts to execute arbitrary code.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by Fabian Patrik of websafe.hu.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-406<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Apache logs exposed by creation of certain domains.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 4.1 CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:L\/I:N\/A:N<\/p>\n

Description<\/strong><\/p>\n

A reseller could create a domain that would use and change ownership of already existing domain log files. These domains use the \u201c.localhost\u201d TLD. It is no longer possible to create a domain with the aforementioned TLD.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by rack911labs.com.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-410<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Stored XSS in WHM Edit DNS Zone.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 4.6 CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N<\/p>\n

Description<\/strong><\/p>\n

When editing a DNS zone, error messages for a zone that can not be parsed correctly are returned to the user. These error messages are not sufficiently encoded. This allowed arbitrary code to be injected into the rendered page.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-411<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Email account suspensions can be applied to unowned accounts.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 4.4 CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:L<\/p>\n

Description<\/strong><\/p>\n

It was possible for a user to suspend or unsuspend email accounts they did not own by taking advantage of email account names that contained newlines.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-412<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Stored XSS in WHM Reset a DNS Zone.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 4.6 CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N<\/p>\n

Description<\/strong><\/p>\n

When resetting a DNS zone, error messages for a zone that can not be parsed correctly are returned to the user. These error messages are not sufficiently encoded. This allowed arbitrary code to be injected into the rendered page.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33
62.0.42<\/p>\n

SEC-371<\/strong><\/p>\n

Summary<\/strong><\/p>\n

Any user is able to shut down Solr.<\/p>\n

Security Rating<\/strong><\/p>\n

cPanel has assigned this vulnerability a CVSSv3 score of 5.5 CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H<\/p>\n

Description<\/strong><\/p>\n

The solr daemon stop key is passed to the daemon on the command line when it is started. This value is visible in the process listing when the daemon is running. Other users are able to see this, allowing a potential attacker to shutdown the daemon at any time.<\/p>\n

Credits<\/strong><\/p>\n

This issue was discovered by the cPanel Security Team.<\/p>\n

Solution<\/strong><\/p>\n

This issue is resolved in the following builds:
70.0.23
68.0.33<\/p>\n

For the PGP-Signed version of this announcement please see: https:\/\/news.cpanel.com\/wp-content\/uploads\/2018\/03\/TSR-2018-0002.disclosure.signed.txt<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

cPanel TSR-2018-0002 Full Disclosure SEC-338 Summary Arbitrary file chmod during legacy incremental backups. Security Rating cPanel has assigned this vulnerability a CVSSv3 score of 7.5 CVSS:3.0\/AV:L\/AC:H\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:N Description It was possible for a user to prepare their home directory in a way that after a series of incremental backups they could chmod arbitrary files on the …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[],"class_list":["post-3183","post","type-post","status-publish","format-standard","hentry","category-cpanel-news"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/3183","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=3183"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/3183\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=3183"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=3183"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=3183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}