In cPanel prior to 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280).
cpanel cpanel