
CVE-2018-20895 : What You Need to Know

CVE-2018-20895 is a vulnerability in cPanel versions before 71.9980.37 in which API tokens retained their access control lists (ACLs) even after those ACLs were removed from the associated accounts, potentially leading to unauthorized access. Mitigation steps and preventive measures are listed below.

Prior to cPanel version 71.9980.37, API tokens were observed to retain their access control lists (ACLs) even after those ACLs were removed from the associated accounts (SEC-393).

Understanding CVE-2018-20895

In cPanel before version 71.9980.37, a specific vulnerability allowed API tokens to retain ACLs after the corresponding ACLs were removed from the associated accounts.

What is CVE-2018-20895?

The vulnerability in cPanel versions prior to 71.9980.37 allowed API tokens to persist access control lists (ACLs) even after deletion from the associated accounts.

The Impact of CVE-2018-20895

This vulnerability could lead to unauthorized access to resources and data due to the persistence of access control lists (ACLs) in API tokens.

Technical Details of CVE-2018-20895

In-depth technical information about the vulnerability.

Vulnerability Description

The issue in cPanel versions before 71.9980.37 allowed API tokens to maintain ACLs despite removal from the associated accounts, potentially leading to unauthorized access.

Affected Systems and Versions

        Affected System: cPanel versions before 71.9980.37
        Affected Component: API tokens
        Versions: All versions before 71.9980.37

Exploitation Mechanism

The vulnerability could be exploited by malicious actors holding an existing API token: the token continued to grant access privileges even after the corresponding ACLs had been deleted from the account, so removing an ACL did not actually revoke that access.
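The bug class described here, a token that snapshots its account's ACLs at creation time and is never re-checked against the account, is easy to model. The example below is an added illustration and is not cPanel's code; it uses a hypothetical token store with two authorization paths (the flawed cached check and a live check capped by the account's current ACLs) and an audit helper of the kind the review-and-revoke advice in the Mitigation section calls for. The account name, token id and ACL names are constructed sample values.

```python
"""Model of the CVE-2018-20895 bug class: API tokens that keep a copy of an
account's ACLs continue to grant privileges after those ACLs are removed.
Hypothetical model for illustration, not cPanel's implementation."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Account:
    name: str
    acls: set[str] = field(default_factory=set)


@dataclass
class Token:
    token_id: str
    account: str
    # ACLs copied onto the token when it was created. Relying on this copy
    # alone at authorization time is the flaw being modelled.
    snapshot_acls: set[str]


class TokenStore:
    def __init__(self, accounts: list[Account]) -> None:
        self.accounts = {a.name: a for a in accounts}
        self.tokens: dict[str, Token] = {}

    def create_token(self, token_id: str, account_name: str,
                     requested_acls: set[str]) -> Token:
        # A token can never be granted more than its account holds today.
        acct = self.accounts[account_name]
        effective = set(requested_acls) & acct.acls
        self.tokens[token_id] = Token(token_id, account_name, effective)
        return self.tokens[token_id]

    def remove_acl(self, account_name: str, acl: str) -> None:
        # Administrator withdraws a privilege from the account.
        self.accounts[account_name].acls.discard(acl)

    def authorize_cached(self, token_id: str, acl: str) -> bool:
        # Vulnerable path: only the token's own snapshot is consulted, so the
        # privilege survives its removal from the account.
        return acl in self.tokens[token_id].snapshot_acls

    def authorize_live(self, token_id: str, acl: str) -> bool:
        # Fixed path: the token's snapshot is an upper bound, and the account's
        # current ACLs are checked on every request.
        tok = self.tokens[token_id]
        return acl in tok.snapshot_acls and acl in self.accounts[tok.account].acls

    def stale_tokens(self) -> dict[str, set[str]]:
        # Audit helper: tokens still carrying ACLs their account no longer has.
        # These are candidates for revocation or re-issue.
        stale: dict[str, set[str]] = {}
        for tid, tok in self.tokens.items():
            extra = tok.snapshot_acls - self.accounts[tok.account].acls
            if extra:
                stale[tid] = extra
        return stale


def demo() -> dict:
    # Constructed scenario: a token is issued, then one ACL is removed.
    store = TokenStore([Account("reseller1", {"list-accts", "create-acct"})])
    store.create_token("tok-A", "reseller1", {"list-accts", "create-acct"})
    store.remove_acl("reseller1", "create-acct")
    return {
        "cached": store.authorize_cached("tok-A", "create-acct"),  # True: the bug
        "live": store.authorize_live("tok-A", "create-acct"),      # False: fixed
        "stale": store.stale_tokens(),                              # {"tok-A": {"create-acct"}}
    }


if __name__ == "__main__":
    print(demo())
```

The point of `stale_tokens` is that, on an unpatched system, removing an ACL from an account is not enough; the tokens that were issued under that ACL have to be found and revoked (or re-issued) as well, which is why the periodic token review below matters even after the upgrade.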

Mitigation and Prevention

Measures to address and prevent the CVE-2018-20895 vulnerability.

Immediate Steps to Take

        Upgrade to cPanel version 71.9980.37 or later to mitigate the vulnerability.
        Regularly review and revoke unnecessary API tokens.

Long-Term Security Practices

        Implement a regular review process for access control lists (ACLs) and API tokens.
        Educate users on the importance of managing and revoking access appropriately.

Patching and Updates

        Apply patches and updates provided by cPanel to ensure the security of the system.
