CVE-2024-48208 pure-ftpd

Comments

11 comments

  • cPRex Jurassic Moderator

    Hey there!  Yes, our team has case SEC-67274 to get this resolved, so we're on the case!

    0
  • Mrg

    Perfect, many thanks.
    Is there an assessment of how critical it is?
    For now we have disabled FTP on all of our cPanel servers.

    0
  • cPRex Jurassic Moderator

    cPanel has had FTP disabled by default since version 86, so we encourage people to use other means to move files to their server, such as the cPanel >> File Manager.

    As for the severity, Red Hat has listed it as "important" and you can see their explanation of ratings here - https://access.redhat.com/security/updates/classification/

    0
  • Mrg

    Thanks, but we have many customers with sub FTP accounts (users) and scripts using FTP over TLS. So they cannot use the File Manager or SFTP.
    Or is there a way for a sub SFTP account (create an account specific to a folder without FTP)?

    Any new timeline?

    0
  • cPRex Jurassic Moderator

    No, there wouldn't be a way for those subusers to access File Manager - that was just an alternate recommendation in general outside of additional FTP users.

    Our team is still working on the case and I'll be sure to post an update once I have one to share!

    0
  • Mrg

    Many thanks. So

    "cPanel has had FTP disabled by default since version 86, so we encourage people to use other means to move files to their server, such as the cPanel >> File Manager."

    is no alternative for us.

    Many thanks for the update.

    0
  • cPRex Jurassic Moderator

    You're very welcome!

    0
  • Mrg

    Any news? Our customers are waiting for it.

    Thanks.

    0
  • cPRex Jurassic Moderator

    I don't have any updates to share on this one just yet.

    0
  • Mrg

    The update is there, many, many thanks.

    0
  • cPRex Jurassic Moderator

    I checked the case just now and it looks like they are still working on it - I'll be sure to post if I hear anything on my end.

    0