Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

User bypassing disabled features?

Discussion in 'User Experience' started by esaesa, Nov 25, 2017.

Tags:
  1. esaesa

    esaesa Member

    Joined:
    Mar 6, 2014
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi
    In feature manager i disabled the feature of "Email Filters". now it is not exist in the menu of webmail. but when the logged in user change the url
    ........../webmail/paper_lantern/index.html
    to
    ........./webmail/paper_lantern/mail/filters/editfilter.html?account=&filtername=

    he can access to the feature gui.

    Is is a security issue?
     
  2. cPanelJackson

    cPanelJackson Product Owner - cPanel Security Team
    Staff Member

    Joined:
    Aug 12, 2010
    Messages:
    33
    Likes Received:
    10
    Trophy Points:
    133
    cPanel Access Level:
    Root Administrator
    Hi there,

    I have opened CPANEL-17107 to address this issue, and you should see it mentioned in our changelogs once a fix is available. In the future, potential security issues should be reported to security@cpanel.net.


    Thanks!
     
Loading...

Share This Page