Design/Logic Flaw

2019-08-0217:15:00

PRIOn knowledge base

www.prio-n.com

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260).

CPENameOperatorVersion
cpanelge56.0.1
cpanellt56.0.49
cpanelge58.0.3
cpanellt58.0.49
cpanelge60.0.3
cpanellt60.0.43
cpanelge62.0.1
cpanellt62.0.24
cpanelge64.0.0
cpanellt64.0.21

Name	Operator	Version
cpanel	ge	56.0.1
cpanel	lt	56.0.49
cpanel	ge	58.0.3
cpanel	lt	58.0.49
cpanel	ge	60.0.3
cpanel	lt	60.0.43
cpanel	ge	62.0.1
cpanel	lt	62.0.24
cpanel	ge	64.0.0
cpanel	lt	64.0.21

References

documentation.cpanel.net/display/CL/64+Change+Log

news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/