TSR 2014-0001 Full Disclosure

Discussion in 'cPanel Announcements' started by cPanelCory, Feb 5, 2014.

    cPanelCory Developer - cPanel Security Team
    Staff Member

    The following disclosure covers the Targeted Security Release 2014-0001.
    Each vulnerability is assigned an internal case number which is reflected below. Information regarding the cPanel Security Level rankings can be found here: http://go.cpanel.net/securitylevels


    _______________________________

    Case: 84385

    Summary
    Arbitrary code execution as cpanel-horde user via cache file poisoning.

    Security Rating
    cPanel has assigned a Security Level of Important to this vulnerability.

    Description
    The Horde Webmail interfaces accessible to cPanel and Webmail accounts use PHP serialized cache files to speed up some backend operations. By default these cache files were stored in the world-writable /tmp directory with predictable names. A malicious local attacker could pre-create the cache files inside /tmp, potentially leading to arbitrary code execution as the cpanel-horde user.

    Credits
    This issue was discovered by the cPanel Security Team.

    Solution
    This issue is resolved in the following builds:

    11.42.0.4
    11.40.1.10
    11.38.2.16



    _______________________________

    Case: 86341

    Summary
    Arbitrary file read as root during cPanel account creation for ACL limited resellers.

    Security Rating
    cPanel has assigned a Security Level of Important to this vulnerability.

    Description
    An ACL limited reseller could send crafted inputs to WHM's account creation functionality to combine multiple path traversal attacks in the package extensions subsystem. This flaw would store the contents of the destination file into the new account's cpuser file.

    Credits
    This issue was discovered by the cPanel Security Team.

    Solution
    This issue is resolved in the following builds:

    11.42.0.4
    11.40.1.10



    _______________________________

    Case: 86381

    Summary
    Disclosure of root's accesshash to ACL limited resellers via WHM xml-api.

    Security Rating
    cPanel has assigned a Security Level of Important to this vulnerability.

    Description
    Reseller accounts, regardless of their ACLs, were able to retrieve and alter root's accesshash credentials via the get_remote_access_hash XML-API command by supplying empty user and password arguments.

    Credits
    This issue was discovered by the cPanel Security Team.

    Solution
    This issue is resolved in the following builds:

    11.42.0.4
    11.40.1.10
    11.38.2.16



    _______________________________

    Case: 86453

    Summary
    Injection of arbitrary settings into cpuser files via account creation.

    Security Rating
    cPanel has assigned a Security Level of Moderate to this vulnerability.

    Description
    The WHM /scripts5/wwwacctform interface allowed the injection of newlines into the 'locale' and 'cpmod' parameters. These injections could be used to set values in the newly created account's cpuser file that were not permissible with a reseller's ACL restrictions.

    Credits
    This issue was discovered by Rack911.

    Solution
    This issue is resolved in the following builds:

    11.42.0.4
    11.40.1.10
    11.38.2.16



    _______________________________

    Case: 86461

    Summary
    Overwriting of trusted inputs to third party hook scripts.

    Security Rating
    cPanel has assigned a Security Level of Moderate to this vulnerability.

    Description
    An ACL limited reseller could provide additional form inputs to WHM's create and modify account interfaces containing null bytes in the parameter name. When these inputs were passed on to third party hook scripts through an exec() call, the additional parameters would be truncated to match parameter names that are normally anchored in trust for the third party hook scripts.
    Third party hook scripts are provided the raw inputs to the functions they extend and are responsible for validating these inputs. Since null bytes do not transfer through the hook script interface correctly, any form parameter names submitted with null bytes will now result in an error.

    Credits
    This issue was discovered by Rack911.

    Solution
    This issue is resolved in the following builds:

    11.42.0.4
    11.40.1.10
    11.38.2.16



    _______________________________

    Case: 86857

    Summary
    Limited arbitrary file overwrite for ACL limited resellers via domain parking.

    Security Rating
    cPanel has assigned a Security Level of Moderate to this vulnerability.

    Description
    The owner parameter to the WHM /scripts/park interface was not correctly validated. By injecting a path traversal attack into this parameter, reseller accounts with the 'park-dns' ACL could overwrite arbitrary files on the system with a Perl storable file with predictable contents.

    Credits
    This issue was discovered by the cPanel Security Team.

    Solution
    This issue is resolved in the following builds:

    11.42.0.4
    11.40.1.10
    11.38.2.16



    _______________________________

    Case: 87317

    Summary
    Arbitrary code execution as root for ACL limited resellers via cluster configuration interfaces.

    Security Rating
    cPanel has assigned a Security Level of Important to this vulnerability.

    Description
    Resellers with the 'clustering' ACL could inject data using newlines and NUL bytes into the form parameters of the cluster configuration interfaces. This flaw could then be leveraged to execute arbitrary code as root via string eval()s in various other interfaces.

    Credits
    This issue was discovered by Rack911.

    Solution
    This issue is resolved in the following builds:

    11.42.0.4
    11.40.1.10
    11.38.2.16



    _______________________________

    Case: 87433

    Summary
    Injection of arbitrary settings into cpuser files via mxcheck setting.

    Security Rating
    cPanel has assigned a Security Level of Moderate to this vulnerability.

    Description
    The WHM /script2/savemx and /cgi/zoneeditor.cgi interfaces allowed resellers with the "edit-mx" or "edit-dns" ACLs to modify the mxcheck setting for accounts under their control. By injecting newlines into this setting, a malicious reseller could alter other settings for the account that are stored in the account's cpuser file.

    Credits
    This issue was discovered by the cPanel Security Team.

    Solution
    This issue is resolved in the following builds:

    11.42.0.4
    11.40.1.10
    11.38.2.16



    _______________________________

    Case: 87437

    Summary
    ACL limited resellers allowed to disable digest authentication for arbitrary accounts.

    Security Rating
    cPanel has assigned a Security Level of Minor to this vulnerability.

    Description
    Due to a lack of ACL enforcement, an ACL limited reseller could disable digest authentication for any account on the system using WHM's XML-API. The ACL protections for this functionality have been updated to require that ACL limited resellers own any accounts they modify in this fashion.

    Credits
    This issue was discovered by the cPanel Security Team.

    Solution
    This issue is resolved in the following builds:

    11.42.0.4
    11.40.1.10
    11.38.2.16



    _______________________________

    Case: 87625

    Summary
    ACL limited resellers allowed to restore backups for the accounts they control.

    Security Rating
    cPanel has assigned a Security Level of Minor to this vulnerability.

    Description
    The WHM XML-API allowed all resellers to restore backups for any accounts they own. The equivalent functionality in WHM's HTML interfaces restricted the ability to restore accounts from backups to resellers with the "all" ACL.

    Credits
    This issue was discovered by the cPanel Security Team.

    Solution
    This issue is resolved in the following builds:

    11.42.0.4
    11.40.1.10
    11.38.2.16



    _______________________________

    Case: 88061

    Summary
    Mis-assignment of IP addresses for ACL limited resellers via createacct.

    Security Rating
    cPanel has assigned a Security Level of Moderate to this vulnerability.

    Description
    With certain combinations of IP delegations and free IP address space, reseller accounts with the 'add-pkg-ip' ACL could install new accounts onto IP addresses delegated to another reseller. This might allow a malicious reseller account to capture web traffic intended for other accounts on the system.

    Credits
    This issue was discovered by the cPanel Security Team.

    Solution
    This issue is resolved in the following builds:

    11.42.0.4
    11.40.1.10
    11.38.2.16



    _______________________________

    Case: 88341

    Summary
    Arbitrary code execution for ACL limited resellers during account creation.

    Security Rating
    cPanel has assigned a Security Level of Important to this vulnerability.

    Description
    A flaw in the new account creation process resulted in the Ruby 'gem' command running with the effective UID of the newly created user and the real UID of root. A malicious reseller account could leverage this flaw to execute arbitrary Ruby code with root's UID during the account creation process.

    Credits
    This issue was discovered by the cPanel Security Team.

    Solution
    This issue is resolved in the following builds:

    11.42.0.4
    11.40.1.10
    11.38.2.16



    _______________________________

    Multiple Cases (55)

    Summary
    Multiple XSS vulnerabilities in various interfaces.

    Description
    Output filtering errors in several different interfaces allowed JavaScript inputs to be returned to the browser without proper filtering. The affected interfaces are listed below.

    Case: 84633
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/htaccess/deluser.html, /frontend/x3/indexmanager/changepro.html, /frontend/x3/indexmanager/dohtaccess.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 84877
    Security Rating: Minor
    XSS Type: Self
    Interface: WHM
    URLs: /scripts3/initial_setup_wizard4
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Christy Philip Mathew

    Case: 84881
    Security Rating: Moderate
    XSS Type: Stored
    Interface: cPanel
    URLs: /frontend/x3/mail/def.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Christy Philip Mathew

    Case: 84885
    Security Rating: Minor
    XSS Type: Self
    Interface: WHM
    URLs: /x3/mail/filters/editfilter.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Christy Philip Mathew

    Case: 84893
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/mail/conf.html, /frontend/x3/mail/saveconf.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Christy Philip Mathew

    Case: 84897
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/stats/detailsubbw.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Christy Philip Mathew

    Case: 84901
    Security Rating: Moderate
    XSS Type: Stored
    Interface: cPanel
    URLs: /frontend/x3/cpanelpro/filelist-thumbs.html, /frontend/paper_lantern/cpanelpro/filelist-thumbs.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Christy Philip Mathew

    Case: 85029
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/mail/csvimport.html, /frontend/x3/mail/csvimport-step2.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Shubham Mittal

    Case: 85133
    Security Rating: Moderate
    XSS Type: Stored
    Interface: cPanel
    URLs: /frontend/x3/filemanager/editit.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Shubham Mittal

    Case: 85177
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/cgi/Clock/docode.html, /frontend/x3/cgi/Countdown/docode.htm, /frontend/x3/cgi/Counter/docode.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Paweł Hałdrzyński

    Case: 85229
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/psql/deldb.html, /frontend/x3/psql/deldb.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 85249
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/psql/addusertodb.html, /frontend/x3/psql/addusertodb.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 85273
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/mime/addhotlink.html
    Affected Releases: 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 85457
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/mail/editmsgs.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Ankit Mittal

    Case: 85461
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/mail/showq.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Ankit Mittal

    Case: 85589
    Security Rating: Minor
    XSS Type: Self
    Interface: WHM
    URLs: /scripts2/dotweaksettings
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Ernesto Martin

    Case: 85977
    Security Rating: Minor
    XSS Type: Self
    Interface: WHM
    URLs: /scripts/addpkg2
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Olivier Beg

    Case: 85985
    Security Rating: Minor
    XSS Type: Self
    Interface: WHM
    URLs: /scripts2/edit_sourceipcheck, /x3/security/security-questions.html, /paper_lantern/security/security-questions.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: Olivier Beg

    Case: 86329
    Security Rating: Important
    XSS Type: Stored
    Interface: WHM
    URLs: /scripts/doeditmx
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 87081
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/mime/add_redirect.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: SimranJeet Singh

    Case: 87417
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/err/erredit.html, /frontend/x3/filemanager/editit.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: SimranJeet Singh

    Case: 87457
    Security Rating: Minor
    XSS Type: Self
    Interface: WHM
    URLs: /cgi/cpaddons_feature.pl
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88093
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/backup/fullbackup.html, /frontend/x3/backup/wizard-fullbackup.html, /frontend/paper_lantern/backup/fullbackup.html, /frontend/paper_lantern/backup/wizard-fullbackup.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88097
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/backup/doupload.html, /frontend/paper_lantern/backup/doupload.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88129
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/backup/dosqlupload.html, /frontend/paper_lantern/backup/dosqlupload.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88133
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/backup/doafupload.html, /frontend/paper_lantern/backup/doafupload.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88137
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/backup/wizard-dofullbackup.html, /frontend/x3/backup/dofullbackup.html, /frontend/paper_lantern/backup/wizard-dofullbackup.html, /frontend/paper_lantern/backup/dofullbackup.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88141
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/denyip/add.html, /frontend/x3/denyip/add.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88145
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/denyip/del.html, /frontend/x3/denyip/del.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88149
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/denyip/index.html, /frontend/x3/denyip/index.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88153
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/cpanelpro/filelist-convert.html, /frontend/paper_lantern/cpanelpro/filelist-scale.html, /frontend/paper_lantern/cpanelpro/filelist-thumbs.html, /frontend/x3/cpanelpro/filelist-convert.html, /frontend/x3/cpanelpro/filelist-scale.html, /frontend/x3/cpanelpro/filelist-thumbs.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88157
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/files/savefile.html, /frontend/x3/files/savefile.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88165
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/x3/files/extractfile.html, /frontend/paper_lantern/files/extractfile.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88173
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/files/showfile.html, /frontend/x3/files/showfile.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88181
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/fp/addfp.html, /frontend/paper_lantern/fp/delfp.html, /frontend/x3/fp/addfp.html, /frontend/x3/fp/delfp.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88209
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/htaccess/leechprotect/dohtaccess.html, /frontend/paper_lantern/htaccess/leechprotect/doleech.html, /frontend/x3/htaccess/leechprotect/dohtaccess.html, /frontend/x3/htaccess/leechprotect/doleech.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88213
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/net/dnslook.html, /frontend/x3/net/dnslook.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88229
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/park/dodelparked.html, /frontend/x3/park/dodelparked.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88253
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/psql/deluserfromdb.html, /frontend/x3/psql/deluserfromdb.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88257
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/stats/analog.html, /frontend/x3/stats/analog.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88261
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/addon/saveredirect.html, /frontend/x3/addon/saveredirect.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88265
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/subdomain/doadddomain.html, /frontend/x3/subdomain/doadddomain.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88269
    Security Rating: Moderate
    XSS Type: Stored
    Interface: cPanel
    URLs: /frontend/x3/addoncgi/cpaddons.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88277
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/sql/PhpMyAdmin.html, /frontend/paper_lantern/backup/index.html, /frontend/x3/sql/PhpMyAdmin.html, /frontend/x3/backup/index.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88281
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/mail/queuesearch.html, /frontend/x3/mail/queuesearch.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88285
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/cpanelpro/changestatus.html, /frontend/x3/cpanelpro/changestatus.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88289
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/mail/editmsg.html, /frontend/x3/mail/editmsg.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88293
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/cpanelpro/editmsgs.html, /frontend/x3/cpanelpro/editmsgs.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88297
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/cpanelpro/msgaction.html, /frontend/x3/cpanelpro/msgaction.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88301
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/mail/resetmsg.html, /frontend/x3/mail/resetmsg.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88305
    Security Rating: Moderate
    XSS Type: Stored
    Interface: cPanel
    URLs: /frontend/paper_lantern/mail/conf.html, /frontend/x3/mail/conf.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88309
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/mail/showlog.html, /frontend/x3/mail/showlog.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88313
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/mail/showmsg.html, /frontend/x3/mail/showmsg.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88321
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/cpanelpro/editlists.html, /frontend/x3/cpanelpro/editlists.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    Case: 88325
    Security Rating: Minor
    XSS Type: Self
    Interface: cPanel
    URLs: /frontend/paper_lantern/mail/conf.html, /frontend/x3/mail/conf.html
    Affected Releases: 11.42.0, 11.40.1, 11.38.2
    Reporter: cPanel Security Team

    cPanel includes a comprehensive protection mechanism against XSS and XSRF attacks called Security Tokens. Security Tokens protection is enabled by default in all installs of cPanel & WHM. When Security Tokens protection is enabled, an attacker intending to utilize any self-XSS vulnerabilities must convince the victim to navigate their browser to the appropriate cPanel or WHM interface and manually input the JavaScript payload.

    Credits
    These issues were discovered by the respective reporters listed above.

    Solution
    These issues are resolved in the following builds:
    11.42.0.4
    11.40.1.10
    11.38.2.16


    Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at http://httpupdate.cpanel.net/


    _______________________________


    Questions?: Complimentary support is available to all license holders: Submit a request here.
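
For case 84385 above, a sketch of the checks a service can apply before trusting a cache file. This is an added example, not part of the original post and not cPanel's or Horde's code; the file names and the throwaway directory layout are constructed for the demonstration.

```python
import os
import stat
import tempfile


class UntrustedCacheFile(Exception):
    """The path could have been planted or altered by another local user."""


def _vet(path, st, uid, is_type):
    """Shared checks: expected file type, expected owner, no g/o write bit."""
    uid = os.getuid() if uid is None else uid
    if not is_type(st.st_mode):
        raise UntrustedCacheFile(f"{path}: unexpected file type")
    if st.st_uid != uid:
        raise UntrustedCacheFile(f"{path}: owned by uid {st.st_uid}")
    if st.st_mode & 0o022:
        raise UntrustedCacheFile(f"{path}: writable by group or others")


def ensure_private_cache_dir(path, uid=None):
    """Create the cache directory 0700, or vet one that already exists."""
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass  # a pre-existing directory must pass the same checks
    _vet(path, os.lstat(path), uid, stat.S_ISDIR)  # lstat: no symlinked dirs
    return path


def read_trusted_cache(path, uid=None):
    """Return the cache bytes, None on a miss, or raise UntrustedCacheFile."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except FileNotFoundError:
        return None
    except OSError as exc:  # ELOOP: the final path component is a symlink
        raise UntrustedCacheFile(f"{path}: {exc.strerror}") from exc
    try:
        _vet(path, os.fstat(fd), uid, stat.S_ISREG)  # fstat: the file we opened
        with open(fd, "rb", closefd=False) as fh:
            return fh.read()  # only now hand the bytes to a deserializer
    finally:
        os.close(fd)


def _outcome(func, *args):
    try:
        return func(*args)
    except UntrustedCacheFile:
        return "rejected"


def demo():
    """Constructed scenarios in a throwaway directory (not real Horde paths)."""
    out = {}
    with tempfile.TemporaryDirectory() as base:
        cache = ensure_private_cache_dir(os.path.join(base, "cache"))
        own = os.path.join(cache, "prefs.cache")
        with open(own, "wb") as fh:
            fh.write(b"cached-data")
        os.chmod(own, 0o600)
        out["own_file"] = _outcome(read_trusted_cache, own)
        # Stand-in for a file pre-created by another account: expect another uid
        out["foreign_owner"] = _outcome(read_trusted_cache, own, os.getuid() + 1)
        link = os.path.join(cache, "link.cache")
        os.symlink(own, link)
        out["symlink"] = _outcome(read_trusted_cache, link)
        os.chmod(own, 0o666)
        out["world_writable"] = _outcome(read_trusted_cache, own)
        shared = os.path.join(base, "shared")
        os.mkdir(shared)
        os.chmod(shared, 0o1777)  # same mode as /tmp
        out["shared_dir"] = _outcome(ensure_private_cache_dir, shared)
    return out


if __name__ == "__main__":
    print(demo())
```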
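
For cases 86453 and 87433 above, the newline injection shown against a line-oriented settings file, with the unchecked writer beside a checked one. This is an added example, not part of the original post and not cPanel's code; it assumes one KEY=value setting per line, and PRIVILEGED_SETTING is a hypothetical key standing in for a setting outside the reseller's ACL.

```python
import re

RESELLER_FIELDS = {"locale", "cpmod"}          # parameters named in case 86453
SERVER_DEFAULTS = {"PRIVILEGED_SETTING": "0"}  # hypothetical key outside the ACL
SAFE_KEY = re.compile(r"[A-Za-z0-9_.-]+")


def parse(text):
    """Line-oriented reader: one KEY=value per line, last occurrence wins."""
    settings = {}
    for line in text.split("\n"):
        key, sep, value = line.partition("=")
        if sep and not line.startswith("#"):
            settings[key] = value
    return settings


def serialize_naive(settings):
    """Before: values are written verbatim, so a newline starts a new record."""
    return "".join(f"{key}={value}\n" for key, value in settings.items())


def serialize_checked(settings):
    """After: refuse any key or value that could break the one-line framing."""
    lines = []
    for key, value in settings.items():
        if not SAFE_KEY.fullmatch(key):
            raise ValueError(f"illegal setting name: {key!r}")
        if not value.isprintable():  # rejects \n, \r, NUL, U+2028 and similar
            raise ValueError(f"control character in value of {key!r}")
        lines.append(f"{key}={value}\n")
    return "".join(lines)


def build_record(form, serialize):
    """Apply the field allow-list, merge server defaults, then serialize."""
    extra = set(form) - RESELLER_FIELDS
    if extra:
        raise PermissionError(f"fields not permitted: {sorted(extra)}")
    return serialize({**SERVER_DEFAULTS, **form})


def demo():
    """Constructed form input: only allowed field names, one crafted value."""
    crafted = {"locale": "en\nPRIVILEGED_SETTING=1", "cpmod": "x3"}
    result = {"naive": parse(build_record(crafted, serialize_naive))}
    try:
        build_record(crafted, serialize_checked)
        result["checked"] = "accepted"
    except ValueError as exc:
        result["checked"] = f"rejected: {exc}"
    return result


if __name__ == "__main__":
    print(demo())
```

The field allow-list passes in both runs because the crafted input never uses a forbidden parameter name; only the value check in the writer stops the extra record.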
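
For case 88341 above, a sketch of a complete privilege drop before running a helper program, with a check that no UID or GID slot still holds the old identity. This is an added example, not part of the original post and not cPanel's code; UID 1001 and the saved-UID value in ADVISORY_STATE are constructed, since the post only states the real and effective UIDs.

```python
import os

SLOTS = ("real", "effective", "saved")

# Constructed (real, effective, saved) triple matching the post's description:
# real UID root, effective UID the new user; the saved slot is an assumption.
ADVISORY_STATE = (0, 1001, 0)


def residual_ids(target, ids):
    """Names of the ID slots in `ids` that are not `target` (empty = clean)."""
    return [name for name, value in zip(SLOTS, ids) if value != target]


def drop_privileges(uid, gid):
    """Permanently become uid/gid; must be called while still root."""
    if uid == 0 or gid == 0:
        raise ValueError("refusing to 'drop' to root")
    os.setgroups([gid])          # supplementary groups first, needs root
    os.setresgid(gid, gid, gid)  # group IDs next, still needs root
    os.setresuid(uid, uid, uid)  # real, effective and saved UID together
    left = residual_ids(uid, os.getresuid()) + residual_ids(gid, os.getresgid())
    if left:
        raise RuntimeError(f"privilege drop incomplete: {left}")


def run_as(uid, gid, argv):
    """Fork, drop privileges in the child, then exec argv; return exit code."""
    pid = os.fork()
    if pid == 0:
        try:
            drop_privileges(uid, gid)
            os.execvp(argv[0], argv)
        except Exception:
            pass
        os._exit(126)  # only reached if the drop or the exec failed
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status) if os.WIFEXITED(status) else -1


if __name__ == "__main__":
    # A process in ADVISORY_STATE still has root in two slots.
    print(residual_ids(1001, ADVISORY_STATE))
```

Changing only the effective UID leaves the real UID untouched, which is why the check compares all three slots against the target.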
     