PT-2024-6272

Published: 2024-09-16 · Updated: 2024-09-21 · CVE-2024-8767

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Acronis Backup plugin for cPanel & WHM (Linux) versions before build 619
Acronis Backup extension for Plesk (Linux) versions before build 555
Acronis Backup plugin for DirectAdmin (Linux) versions before build 147

Description

The issue concerns sensitive data disclosure and manipulation due to unnecessary privilege assignment. This could allow a remote attacker to elevate their privileges. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents in which this issue was exploited.

Recommendations

For Acronis Backup plugin for cPanel & WHM (Linux) versions before build 619, upgrade to a version after build 619.
For Acronis Backup extension for Plesk (Linux) versions before build 555, upgrade to a version after build 555.
For Acronis Backup plugin for DirectAdmin (Linux) versions before build 147, upgrade to a version after build 147.

As a temporary workaround, consider restricting access to sensitive data and limiting privileges to necessary levels until a patch is available.

Fix

Weakness Enumeration

Related Identifiers

BDU:2024-07219
CVE-2024-8767

Affected Products

Acronis Backup extension for Plesk
Acronis Backup plugin for DirectAdmin
Acronis Backup plugin for cPanel & WHM
DirectAdmin
Plesk
cPanel & WHM