Vulnerabilities > CVE-2019-20490 - Unspecified vulnerability in Cpanel

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

cpanel

NVD

Published: 2020-03-17

Updated: 2020-08-24

Summary

cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499).

Vulnerable Configurations

Part	Description	Count
Application	Cpanel Cpanel Cpanel 77.9999.110 Cpanel Cpanel 77.9999.122 Cpanel Cpanel 77.9999.135 Cpanel Cpanel 78.0.1 Cpanel Cpanel 78.0.2 Cpanel Cpanel 78.0.3 Cpanel Cpanel 78.0.6 Cpanel Cpanel 78.0.7 Cpanel Cpanel 78.0.10 Cpanel Cpanel 78.0.11 Cpanel Cpanel 78.0.12 Cpanel Cpanel 78.0.13 Cpanel Cpanel 78.0.15 Cpanel Cpanel 78.0.16 Cpanel Cpanel 78.0.17 Cpanel Cpanel 78.0.18 Cpanel Cpanel 78.0.20 Cpanel Cpanel 78.0.21 Cpanel Cpanel 78.0.23 Cpanel Cpanel 78.0.24 Cpanel Cpanel 78.0.27 Cpanel Cpanel 78.0.30 Cpanel Cpanel 78.0.32 Cpanel Cpanel 78.0.34 Cpanel Cpanel 78.0.35 Cpanel Cpanel 78.0.36 Cpanel Cpanel 78.0.37 Cpanel Cpanel 78.0.38 Cpanel Cpanel 78.0.39 Cpanel Cpanel 78.0.40 Cpanel Cpanel 78.0.41 Cpanel Cpanel 81.9999.242 Cpanel Cpanel 81.9999.247 Cpanel Cpanel 82.0.0 Cpanel Cpanel 82.0.2 Cpanel Cpanel 82.0.3 Cpanel Cpanel 82.0.4 Cpanel Cpanel 82.0.5 Cpanel Cpanel 82.0.6 Cpanel Cpanel 82.0.7 Cpanel Cpanel 82.0.8 Cpanel Cpanel 82.0.9 Cpanel Cpanel 82.0.10 Cpanel Cpanel 82.0.11 Cpanel Cpanel 82.0.12 Cpanel Cpanel 82.0.13 Cpanel Cpanel 82.0.14 Cpanel Cpanel 82.0.15 Cpanel Cpanel 83.9999.115 Cpanel Cpanel 83.9999.137 Cpanel Cpanel 83.9999.151 Cpanel Cpanel 83.9999.157 Cpanel Cpanel 83.9999.169 Cpanel Cpanel 83.9999.173 Cpanel Cpanel 83.9999.180 Cpanel Cpanel 84.0.0 Cpanel Cpanel 84.0.1 Cpanel Cpanel 84.0.2 Cpanel Cpanel 84.0.4 Cpanel Cpanel 84.0.5 Cpanel Cpanel 84.0.6 Cpanel Cpanel 84.0.7 Cpanel Cpanel 84.0.8 Cpanel Cpanel 84.0.9	64

References

https://documentation.cpanel.net/display/CL/82+Change+Log