Newsroom

cPanel TSR-2020-0004 Full Disclosure

SEC-488

Summary

Code execution due to faulty file extension dispatching.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

cPanel & WHM’s cpsrvd daemon did not verify that some file extensions matched the actual file that would handle a request before dispatching the request to the file extension’s handler. In a default configuration of cPanel & WHM this allowed webmail accounts to execute code on the server.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.88.0.13
11.86.0.24

SEC-557

Summary

Package modification restriction bypass.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Description

Inconsistencies in the method of package name determination could have lead to an incorrect package being modified. This allowed resellers to modify packages in unauthorized ways.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.88.0.13
11.86.0.24

SEC-564

Summary

Self-XSS vulnerabilities in DNS Zone Manager DNSSEC interfaces.

Security Rating

cPanel has assigned this vulnerability a CVSSv3 score of 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

Domain names were displayed without proper escaping in error messages generated by the DNS Zone Manager interfaces. This allowed the injection of HTML or javascript code on the rendered page.

Credits

This issue was discovered by the cPanel Security Team.

Solution

This issue is resolved in the following builds:
11.88.0.13
11.86.0.24

For the PGP-signed message, please see: TSR-2020-0004.disclosure.signed