Cloudflare_data.yaml File Deletion Vulnerability – CloudFlare cPanel plugin

Cloudflare_data.yaml File Deletion Vulnerability

CloudFlare protects your website against DDoS and accelerates your website using their content delivery networks. Once you use CloudFlare, your website contents will be delivered directly by CloudFlare global networks. It also blocks threats and limit the abusive bots. This helps to save the bandwidth of your website as well as your server resources.

WHMCS Complete Billing and Support

CloudFlare also provides cPanel plugin which allows webhosts to integrate CloudFlare in cPanel directly. There was a vulnerability in CloudFlare (cPanel Plugin) v4.5 as follow:

Vulnerability Description:

It is possible for a malicious user to delete the Cloudflare_Data.yaml file belonging to any user on a server running CloudFlare’s cPanel plugin due to an input validation failure however it is not possible to obtain any sensitive data or anything using this vulnerability.

Vulnerable Version:

This vulnerability was tested against CloudFlare (cPanel Plugin) v4.5 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in CloudFlare cPanel Plugin v4.7.

As always, this vulnerability was discovered by Rack911 (a server management company). It is highly recommended that you upgrade your CloudFlare cPanel Plugin to v4.7 as soon as possible.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.