Multiple vulnerabilities in cPanel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | N/A |
| CWE-ID | CWE-524 CWE-284 CWE-117 CWE-426 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
cPanel Web applications / Remote management & hosting panels |
| Vendor |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Use of cache containing sensitive information
EUVDB-ID: #VU98791
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-524 - Use of Cache Containing Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to caching a valid username is auto-populating in the Username login field in some cases/circumstances. A remote attacker can trick the victim to login into the application and obtain the username from the login page cache.
Install updates from vendor's website.
Vulnerable software versionscPanel: before 11.124.0.4
CPE2.3http://news.cpanel.com/target-security-release-2024-0001-disclosure/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU98792
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote user to delete another user’s email accounts cache file
The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and another user’s email accounts cache file via bin/update_quota_cache.
MitigationInstall updates from vendor's website.
Vulnerable software versionscPanel: before 11.124.0.4
CPE2.3http://news.cpanel.com/target-security-release-2024-0001-disclosure/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper Output Neutralization for Logs
EUVDB-ID: #VU98793
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-117 - Improper Output Neutralization for Logs
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to alter information in the log file.
the vulnerability exists due to incorrect processing certain encodings in the cPanel login_log. A remote attacker can craft the username for a failed login attempt so that it would create a confusing multi-line log entry in the login_log. This entry could make it appear that a user successfully logged into the server even though it was just an entry from a failed login attempt.
Install updates from vendor's website.
Vulnerable software versionscPanel: before 11.124.0.4
CPE2.3http://news.cpanel.com/target-security-release-2024-0001-disclosure/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Untrusted search path
EUVDB-ID: #VU98794
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path when loading Perl modules. A local user can place a malicious module into a specific location on the system and execute arbitrary code with escalated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionscPanel: before 11.110.0.44
CPE2.3http://news.cpanel.com/target-security-release-2024-0001-disclosure/
http://github.com/perl/perl5/issues/15263
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
