SEC-488
Summary
Code execution due to faulty file extension dispatching.
Security Rating
cPanel has assigned this vulnerability a CVSSv3 score of 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
cPanel & WHM's cpsrvd daemon did not verify that some file extensions matched the actual file that would handle a request before dispatching the request to the file extension's handler. In a default configuration of cPanel & WHM this allowed webmail accounts to execute code on the server.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.88.0.13
11.86.0.24
SEC-557
Summary
Package modification restriction bypass.
Security Rating
cPanel has assigned this vulnerability a CVSSv3 score of 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Description
Inconsistencies in the method of package name determination could have lead to an incorrect package being modified. This allowed resellers to modify packages in unauthorized ways.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.88.0.13
11.86.0.24
SEC-564
Summary
Self-XSS vulnerabilities in DNS Zone Manager DNSSEC interfaces.
Security Rating
cPanel has assigned this vulnerability a CVSSv3 score of 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Description
Domain names were displayed without proper escaping in error messages generated by the DNS Zone Manager interfaces. This allowed the injection of HTML or javascript code on the rendered page.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.88.0.13
11.86.0.24
For the PGP-signed message, please see: TSR-2020-0004.disclosure.signed
Summary
Code execution due to faulty file extension dispatching.
Security Rating
cPanel has assigned this vulnerability a CVSSv3 score of 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
cPanel & WHM's cpsrvd daemon did not verify that some file extensions matched the actual file that would handle a request before dispatching the request to the file extension's handler. In a default configuration of cPanel & WHM this allowed webmail accounts to execute code on the server.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.88.0.13
11.86.0.24
SEC-557
Summary
Package modification restriction bypass.
Security Rating
cPanel has assigned this vulnerability a CVSSv3 score of 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Description
Inconsistencies in the method of package name determination could have lead to an incorrect package being modified. This allowed resellers to modify packages in unauthorized ways.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.88.0.13
11.86.0.24
SEC-564
Summary
Self-XSS vulnerabilities in DNS Zone Manager DNSSEC interfaces.
Security Rating
cPanel has assigned this vulnerability a CVSSv3 score of 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Description
Domain names were displayed without proper escaping in error messages generated by the DNS Zone Manager interfaces. This allowed the injection of HTML or javascript code on the rendered page.
Credits
This issue was discovered by the cPanel Security Team.
Solution
This issue is resolved in the following builds:
11.88.0.13
11.86.0.24
For the PGP-signed message, please see: TSR-2020-0004.disclosure.signed
