User bypassing disabled features?

esaesa

Member
Mar 6, 2014
17
3
3
Egypt
cPanel Access Level
Root Administrator
Hi
In feature manager i disabled the feature of "Email Filters". now it is not exist in the menu of webmail. but when the logged in user change the url
........../webmail/paper_lantern/index.html
to
........./webmail/paper_lantern/mail/filters/editfilter.html?account=&filtername=

he can access to the feature gui.

Is is a security issue?
 

cPanelJackson

Release Manager
Staff member
Aug 12, 2010
42
11
133
cPanel Access Level
Root Administrator
Hi there,

I have opened CPANEL-17107 to address this issue, and you should see it mentioned in our changelogs once a fix is available. In the future, potential security issues should be reported to [email protected].


Thanks!