CloudFlare cPanel plugin Vulnerability

CloudFlare protects and accelerates websites using its CDN network. Once you enable CloudFlare for your website, all of your traffic is routed through its global network.


CloudFlare can be integrated with cPanel, and CloudFlare also provides a cPanel plugin. A critical symlink attack vulnerability was detected in CloudFlare cPanel plugin version 5.3.2. This vulnerability may exist in prior versions as well.

Through a carefully timed symlink attack directed at the cloudflare_data.yaml file, a malicious user can change the permissions on any root-owned file to 600, which could lead to the OS being disabled. Because the vulnerability makes it possible to alter the permissions of root-owned files, it was rated as high.

This vulnerability was patched in CloudFlare cPanel plugin version 5.3.11. If you are using the CloudFlare cPanel plugin, you should immediately upgrade to the latest version.
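The class of bug described above, next to a hardened alternative, as an added example; it is not the plugin's code. It assumes the privileged code applied mode 600 to cloudflare_data.yaml by path name, and the function names and the temporary-directory scenario are constructed for illustration.

```python
import os
import stat
import tempfile


def naive_chmod(path, mode=0o600):
    """Path-based chmod: follows a symlink, so the link's target is changed."""
    os.chmod(path, mode)


def safe_chmod(path, expected_uid, mode=0o600):
    """Apply mode only to a regular, singly linked file owned by expected_uid.

    Returns True when the mode was applied, False when the path was refused.
    """
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK
    try:
        fd = os.open(path, flags)  # fails with ELOOP if path is a symlink
    except OSError:
        return False
    try:
        st = os.fstat(fd)  # inspect the inode we actually opened
        if not stat.S_ISREG(st.st_mode):
            return False
        if st.st_uid != expected_uid or st.st_nlink != 1:
            return False  # not the user's own file, or hard-linked elsewhere
        os.fchmod(fd, mode)  # acts on the open descriptor, not on the name
        return True
    finally:
        os.close(fd)


def demo():
    """Constructed scenario: 'victim' stands in for a root-owned file."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim")
        link = os.path.join(d, "cloudflare_data.yaml")
        with open(victim, "w") as f:
            f.write("x")
        os.chmod(victim, 0o644)
        os.symlink(victim, link)
        refused = not safe_chmod(link, os.getuid())
        mode_after_safe = stat.S_IMODE(os.stat(victim).st_mode)
        naive_chmod(link)  # the path-based call reaches through the link
        mode_after_naive = stat.S_IMODE(os.stat(victim).st_mode)
        return refused, mode_after_safe, mode_after_naive
```

`O_NOFOLLOW` covers only the final path component. A privileged process working inside a user-writable directory should also drop to that user's UID, or open the directory by descriptor and pass it as `dir_fd`.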
