-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

cPanel TSR 2021-0003 Full Disclosure

SEC-584

Summary

Information disclosure via weak web stats permissions.

Security Rating

cPanel has assigned this vulnerability a CVSSv3.1 score of 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

The processing of web log reports for cPanel accounts used insecure storage locations for the generated files. This allowed other local users to read the log reports.

Credits

This issue was discovered by an anonymous security researcher.

Solution

This issue is resolved in the following builds:
11.96.0.8
11.94.0.10
-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEtnCbTMb0IHf2mEGRlSG+3KvZTd8FAmCiy4MUHHNlY3VyaXR5
QGNwYW5lbC5uZXQACgkQlSG+3KvZTd/w2RAAiOLJMt1lm5IcrvijStZ5LQPOIEje
hae+tyALj+NjPWraslDTifLX7bSKxenOUha7nwbC6pJyg9q8uL0tZoxZa0BCGFg1
YRMCBNbOA37DYpRDV+HbJ46irzCLMvSI/JaMjS97s05Ze+BoT9BaNGHL6EB4Y/h6
1Z8scf+nXpMv97vCIbH62F46LPcmVk1t7H27mL/avGGq35bVacnySntHDw7KSvHj
up0e5ccJ6FZ2ajx6HDi8czxnBGUpaVRwBie9ns1gPqycR++5SM6+DZVo01fABmKV
QoqVzKuTqn5yYm1r+1vvprcf3nZdqwgp9uOk4tAaJnx86y/W06xedH+3DaQcXLkL
2t9mfxodG62YnyuWwRJCzmmqgFSd6DR/YCGFgYf/eF6X9yp15nzs8tiV190Z81ub
fxweQPaCx2H5vPP4qVUy2DIb1iRWs2ogqi0lMJlGJ9XY4ZfncZ47OjtNdkblMU9G
d2KzgG991w9wVPX4U8dFMEl7S3WJOdB4WJQ2Xzc7lZlf60poQC3tvj8OKPM6is0l
/2hSbPJmYk/mwGLp9JVlUwX1xbvU+ZBnaqWQqhdmHrDKJVEZHE3szu0yUuH5Z80Y
ntJho7y36eNGagrzFnDcpEOTjTEHqRy4oiiA28+rcPofwapW7GJuHYBL+PWw6ENB
u05FeEpCmWg2F5o=
=NOyJ
-----END PGP SIGNATURE-----