cPanel Security Advisory: cPanel Password Change Privilege Escalation

Updated builds of cPanel 10.5.0 that fix a security issue are available for users of EDGE, CURRENT, RELEASE and STABLE.

Security Rating
This update has been rated as having a trivial security impact by the cPanel Security team.

Successful exploitation allows a user to access features that are normally accessible only to privileged users (e.g. creating or changing files on web sites hosted by other domains). Exploitation requires that the user unknowingly changes his password to be the same as the root password and subsequently changes it again.

cPanel users should update to 10.5.0 build 38 or higher, which contains a fix for this issue.

Discovered by: IHS