On January 18, 2016, cPanel announced that it had discovered vulnerabilities affecting all current versions of its control panel software. At the time of the announcement, cPanel issued a Targeted Security Release for each software tier, which the company said addresses 20 vulnerabilities in cPanel and WHM.
Because the issues were discovered internally by cPanel, and cPanel does not believe that there are any exploits of the vulnerabilities in the wild, they are not yet releasing any additional information on the exact nature of the issues. The company will allow sufficient time for potentially vulnerable servers to be updated before providing additional information.
- All servers running a version of cPanel/WHM lower than the versions indicated below are affected. All servers running a version of cPanel/WHM equal to or greater than those below are not affected:
- 54.0.4 (WHM 54.0 build 4) on the CURRENT and EDGE Tiers
- 18.104.22.168 (WHM 11.52.2 build 4) on the STABLE and RELEASE Tiers
- 22.214.171.124 (WHM 11.50.4 build 3) and 126.96.36.199 (WHM 11.48.5 build 2) on the Long-Term Support (LTS) Tiers
There are no known “in the wild” exploits of the read more….