CVE-2018-20905

Published: Aug 1, 2019Modified: Nov 21, 2024

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429).

Affected (4)

Products: Cpanel: Cpanel

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Cpanel Cpanel	From 61.9999.55 to 62.0.47
Cpanel Cpanel	From 67.9999.64 to 68.0.39
Cpanel Cpanel	From 69.9999.122 to 70.0.43
Cpanel Cpanel	From 71.9980.30 to 71.9980.37

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://documentation.cpanel.net/display/CL/72+Change+Log

Source: cve@mitre.org

Release NotesVendor Advisory

https://documentation.cpanel.net/display/CL/72+Change+Log

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.