cPanel released updates that address security concerns with the cPanel & WHM product. The cPanel team stated that new builds for all public update tiers are currently available to all customers via the standard update system. The vulnerabilities addressed by the patch have CVSSv3 scores ranging from 4.7 to 5.5.
CVSSv3 scores from 4.7 to 5.5
The cPanel team also urged users who have disabled automatic updates to update their cPanel & WHM installations as soon as possible. cPanel also stated that there is no reason to believe that these vulnerabilities have been made known to the public. Thus cPanel will only release limited information about the vulnerabilities. cPanel will release additional information about the nature of the security issues when cPanel & WHM systems are automatically updated to the new versions. The following cPanel & WHM versions address all known vulnerabilities:
- 90.0.10 & Greater
- 88.0.17 & Greater
- 86.0.27 & Greater