Sensitive Information Disclosure in Acronis Backup Plugin for cPanel & WHM
CVE-2024-34015

3.3LOW

Key Information:

Vendor
Acronis
Vendor
CVE Published:
11 November 2024

Summary

The Acronis Backup plugin for cPanel & WHM has a vulnerability that allows for sensitive information disclosure during file browsing. This occurs due to improper handling of symbolic links, which can expose critical user and system data, creating significant data security risks. Affected users are urged to update to build 818 or later to mitigate this exposure.

Affected Version(s)

Acronis Backup plugin for cPanel & WHM Linux < 1.8.3.818

Acronis Backup plugin for cPanel & WHM Linux < 1.9.1.892

References

CVSS V3.0

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.