CVE-2024-48208 pure-ftpd
-
Hey there! Yes, our team has case SEC-67274 to get this resolved, so we're on the case!
0 -
Perfect , many thanks.
Is there an assessment how critical it is?
For now we have disabled ftp on all of our cpanel servers.0 -
cPanel has had FTP disabled by default since version 86, so we encourage people to use other means to move files to their server, such as the cPanel >> File Manager.
As for the severity, RedHat has listed it as "important" and you can see their explanation of ratings here - https://access.redhat.com/security/updates/classification/
0 -
Thanks, but we have many customers with sub FTP Accounts (Users) and Scripts using FTP over TLS. So they can not use the Filemanager or SFTP.
Or is there a way for a sub SFTP account (create an acount specific to folder without ftp)?any new timeline?
0 -
No, there wouldn't be a way for those subusers to access File Manager - that was just an alternate recommendation in general outside of additional FTP users.
Our team is still working on the case and I'll be sure to post an update once I have one to share!
0 -
many thanks. so
"cPanel has had FTP disabled by default since version 86, so we encourage people to use other means to move files to their server, such as the cPanel >> File Manager."
is no alternative to us.
many thanks for update.
0 -
You're very welcome!
0 -
Any news, our customers waiting for it.
thanks.
0 -
I don't have any updates to share on this one just yet.
0 -
update is there, many many thanks.
0 -
I checked the case just now and it looks like they are still working on it - I'll be sure to post if I hear anything on my end.
0
Please sign in to leave a comment.
Comments
11 comments