Vulnerability CVE-2018-20867


Published: 2019-07-30

Description:
cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462).

Type:

CWE-601

(URL Redirection to Untrusted Site ('Open Redirect'))

Vendor: Cpanel
Product: Cpanel 
Version:
76.0.7
76.0.6
76.0.5
76.0.4
76.0.3
76.0.2
76.0.1
76.0.0
75.9999.218
75.9999.199
74.0.9
74.0.8
74.0.6
74.0.5
74.0.4
74.0.2
74.0.12
74.0.11
74.0.10
74.0.1
74.0.0
73.9980.0
72.0.9
72.0.7
72.0.5
72.0.4
72.0.3
72.0.12
72.0.11
72.0.10
71.9980.45
71.9980.37
71.9980.34
71.9980.30
70.0.9
70.0.8
70.0.69
70.0.68
70.0.67
70.0.66
70.0.63
70.0.62
70.0.61
70.0.60
70.0.6
70.0.59
70.0.57
70.0.55
70.0.54
70.0.53
70.0.52
70.0.51
70.0.5
70.0.48
70.0.47
70.0.46
70.0.44
70.0.43
70.0.42
70.0.41
70.0.4
70.0.39
70.0.38
70.0.34
70.0.32
70.0.31
70.0.30
70.0.29
70.0.27
70.0.26
70.0.24
70.0.23
70.0.2
70.0.18
70.0.17
70.0.16
70.0.13
70.0.12
70.0.10
69.9999.150
69.9999.149
69.9999.145
69.9999.141
69.9999.140
69.9999.139
69.9999.138
69.9999.134
69.9999.132
69.9999.125
69.9999.122
68.0.9
68.0.8
68.0.7
68.0.6
68.0.4
68.0.39
68.0.38
68.0.37
68.0.36
68.0.34
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.8/10
4.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None

 References:
https://documentation.cpanel.net/display/CL/76+Change+Log

Related CVE
CVE-2016-10812
In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117).
CVE-2016-10811
In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116).
CVE-2016-10810
In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115).
CVE-2016-10809
In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114).
CVE-2016-10808
In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113).
CVE-2016-10807
cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112).
CVE-2016-10806
cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110).
CVE-2016-10805
cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109).

Copyright 2019, cxsecurity.com

 

Back to Top