cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.
WHM Locale Upload allows vulnerable to XXE and unserialization attacks.
cPanel has assigned this vulnerability a CVSSv3.1 score of 2.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N
The WHM Local Upload functionality allows for arbitrary XML documents to be uploaded. These documents may be serialized Perl object data. These documents may include references to external entities and/or be recorded as blessed Perl objects. This may lead to arbitrary file read/writes and/or code execution.
This issue was discovered by Adrian Tiron, Fortbridge (Cyber Security Services – London – Your application security mavens ).
This issue is resolved in the following builds:
11.98.0.1
11.96.0.13
11.94.0.13
Insecure temporary file creation in scripts/fix-cpanel-perl.
cPanel has assigned this vulnerability a CVSSv3.1 score of 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
The scripts/fix-cpanel-perl script creates temporary files and directories in a predictable location. An attacker could create these directories before the script executes in order to execute arbitrary code.
This issue was discovered by the cPanel Security Team.
This issue is resolved in the following builds:
11.96.0.13
The fix-cpanel-perl script does not verify download integrity.
cPanel has assigned this vulnerability a CVSSv3.1 score of 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
In some situations, the fix-cpanel-perl script does not verify signatures on files downloaded from the cPanel mirrors. This could allow for an attacker to execute arbitrary code in the event of a MITM attack.
This issue was discovered by the cPanel Security Team.
This issue is resolved in the following builds:
11.96.0.13
Insecure file overwrite in scripts/fix-cpanel-perl.
cPanel has assigned this vulnerability a CVSSv3.1 score of 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
The scripts/fix-cpanel-perl script can create a file in the current working directory. If the script is run from within a user-controlled directory, it may be possible to overwrite an arbitrary file with known content.
This issue was discovered by the cPanel Security Team.
This issue is resolved in the following builds:
11.96.0.13
Insecure file operations performed by /scripts/cpan_config.
cPanel has assigned this vulnerability a CVSSv3.1 score of 2.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N
The /scripts/cpan_config script perfumes insecure file operations within the current working directory. If run in a user-controlled directory, it is possible for an attacker to overwrite arbitrary files.
This issue was discovered by Patrick William – Rack911 Labs.
This issue is resolved in the following builds:
11.98.0.1
11.96.0.13
11.94.0.13
For information on cPanel & WHM Versions and the Release Process, read our documentation at: https://go.cpanel.net/versionformat