SB2019080519 - Multiple vulnerabilities in cPanel
Published: August 5, 2019 Updated: July 17, 2020
Description
This security bulletin contains information about 13 security vulnerabilities.
1) Credentials management (CVE-ID: CVE-2017-18470)
The vulnerability allows a remote authenticated user to execute arbitrary code.
cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196).
2) Cross-site scripting (CVE-ID: CVE-2017-18471)
The vulnerability allows a remote authenticated user to read and manipulate data.
cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197).
3) Cross-site scripting (CVE-ID: CVE-2017-18472)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198).
4) Cross-site scripting (CVE-ID: CVE-2017-18473)
The vulnerability allows a remote authenticated user to read and manipulate data.
cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199).
5) Information disclosure (CVE-ID: CVE-2017-18474)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201).
6) Input validation error (CVE-ID: CVE-2017-18475)
The vulnerability allows a remote authenticated user to execute arbitrary code.
In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204).
7) Security Features (CVE-ID: CVE-2017-18476)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205).
8) Security Features (CVE-ID: CVE-2017-18477)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206).
9) Information disclosure (CVE-ID: CVE-2017-18478)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
In cPanel before 62.0.4, incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207).
10) Improper Certificate Validation (CVE-ID: CVE-2017-18479)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).
11) Security Features (CVE-ID: CVE-2017-18480)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210).
12) Cross-site scripting (CVE-ID: CVE-2017-18481)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
13) Input validation error (CVE-ID: CVE-2017-18482)
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213).
Remediation
Install the update from the vendor's website.