cPanel TSR 2021-0003 Full Disclosure

SEC-584

Summary

Information disclosure via weak web stats permissions.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Description

The processing of web log reports for cPanel accounts used insecure storage locations for the generated files. This allowed other local users to read the log reports.
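
The following Python example is added here for illustration and is not cPanel's code. It contrasts a report written world-readable with one created owner-only, and audits a tree for files that another local user could read. The advisory does not name the affected paths, so the directory and file names (`shared`, `private`, `report.html`, `owner_only.html`) and all function names are constructed assumptions.

```python
import os
import stat
import tempfile

def write_report_shared(path, data):
    """Weak pattern: the report ends up world-readable (mode 0644)."""
    with open(path, "w") as fh:
        fh.write(data)
    os.chmod(path, 0o644)  # fixed here so the demo does not depend on umask

def write_report_private(path, data):
    """Hardened pattern: create owner-only, never reuse an existing path."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fd, 0o600)
        fh.write(data)

def exposed_reports(root):
    """Files under root with o+r whose directories from root down all have
    o+x, so another local user can open them. Ancestors above root are
    not checked."""
    if not os.lstat(root).st_mode & stat.S_IXOTH:
        return []
    exposed = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune directories that other users cannot traverse.
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_mode & stat.S_IXOTH]
        for name in filenames:
            mode = os.lstat(os.path.join(dirpath, name)).st_mode
            if stat.S_ISREG(mode) and mode & stat.S_IROTH:
                exposed.append(os.path.join(dirpath, name))
    return sorted(exposed)

def demo():
    """Build a constructed layout and return the exposed paths, relative."""
    with tempfile.TemporaryDirectory() as base:
        os.chmod(base, 0o755)
        shared, private = (os.path.join(base, n) for n in ("shared", "private"))
        os.mkdir(shared); os.chmod(shared, 0o755)
        os.mkdir(private); os.chmod(private, 0o700)
        write_report_shared(os.path.join(shared, "report.html"), "constructed")
        write_report_private(os.path.join(shared, "owner_only.html"), "constructed")
        write_report_shared(os.path.join(private, "report.html"), "constructed")
        return [os.path.relpath(p, base) for p in exposed_reports(base)]

if __name__ == "__main__":
    print(demo())
```

Only the 0644 file in the traversable directory is reported; the 0600 file beside it and the 0644 file behind the 0700 directory are not.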

Credits

This issue was discovered by an anonymous security researcher.

Solution

This issue is resolved in the following builds:
11.96.0.8
11.94.0.10