cPanel TSR 2021-0003 Full Disclosure

Status
Not open for further replies.

cPanelTabby

Staff member
cPanel, Houston TX
SEC-584
Summary
Information disclosure via weak web stats permissions.

Security Rating
cPanel has assigned this vulnerability a CVSSv3.1 score of 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Description
The processing of web log reports for cPanel accounts used insecure storage locations for the generated files. This allowed other local users to read the log reports.

Credits
This issue was discovered by an anonymous security researcher.

Solution
This issue is resolved in the following builds:
11.96.0.8
11.94.0.10

TSR-2021-0003.disclosure.signed
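
An added example, not part of the advisory and not cPanel's code: a local audit for the class of problem described above, listing generated files that a different local user could read. The directory and file names are constructed for the demo and are not cPanel's actual paths; the audited root is assumed to be reachable by other users.

```python
import os
import stat
import tempfile


def exposed_files(root):
    """Return files under root that a different local user could read.

    A file counts as exposed when its other-read bit is set and every
    directory between root and the file has the other-execute (traverse)
    bit set. Assumption: root itself is reachable by other users.
    """
    exposed = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune subdirectories that other users cannot traverse.
        dirnames[:] = [
            d for d in dirnames
            if os.lstat(os.path.join(dirpath, d)).st_mode & stat.S_IXOTH
        ]
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & stat.S_IROTH:
                exposed.append(os.path.relpath(path, root))
    return sorted(exposed)


def write_private(path, data):
    """Create a report file readable only by its owner (mode 0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)


def demo():
    """Build a constructed directory tree and audit it."""
    root = tempfile.mkdtemp()
    for name, mode in (("weak", 0o755), ("locked", 0o700)):
        directory = os.path.join(root, name)
        os.mkdir(directory)
        os.chmod(directory, mode)
        report = os.path.join(directory, "report.html")
        with open(report, "w") as fh:
            fh.write("constructed sample report\n")
        os.chmod(report, 0o644)  # world-readable file mode
    write_private(os.path.join(root, "weak", "private.html"), "constructed\n")
    return exposed_files(root)


if __name__ == "__main__":
    print(demo())
```

The world-readable report inside the owner-only directory is not flagged, because other users cannot traverse into it; the same file mode inside a traversable directory is.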