cPanel TSR-2018-0006 Full Disclosure

SEC-366. Summary: PostgreSQL password changes performed in an insecure manner. Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 4.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L). Description: When using the WHM ‘Configure PostgreSQL’ interface to change the primary PostgreSQL password, it was possible for unauthorized users to log into PostgreSQL and change the[…]

cPanel TSR-2018-0006 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores ranging from 4.7 to[…]

cPanel TSR-2018-0005 Full Disclosure

SEC-409. Summary: ClamAV daemon can be shut off by any local user. Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 3.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). Description: The userspace socket file for the clamd daemon has open permissions for necessary communication with userspace scanning functionality in cPanel. However, this socket also[…]

cPanel TSR-2018-0005 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores ranging from 3.3 to[…]

cPanel TSR-2018-0003 Full Disclosure

SEC-393. Summary: API tokens retain ACLs that are removed from accounts. Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 6.4 (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). Description: Starting with cPanel & WHM version 68, it became possible to limit the authorizations of a WHM API token to a subset of the ACLs[…]

cPanel TSR-2018-0003 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores ranging from 2.2 to[…]

cPanel TSR-2018-0002 Full Disclosure

SEC-338. Summary: Arbitrary file chmod during legacy incremental backups. Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 7.5 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N). Description: It was possible for a user to prepare their home directory in a way that after a series of incremental backups they could chmod arbitrary files on[…]

cPanel TSR-2018-0002 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores ranging from 3.8 to[…]

cPanel TSR-2018-0001 Full Disclosure

SEC-308. Summary: SRS secret revealed in exim.conf. Security Rating: cPanel has assigned this vulnerability a CVSSv3 score of 2.5 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). Description: When the experimental SRS option for Exim was enabled, the secret key used to sign SRS email was visible inside the exim.conf file. This setting is now stored in[…]

cPanel TSR-2018-0001 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores ranging from 2.2 to[…]