cPanel prior to 64.0.21 allows malicious users to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257).
cpanel cpanel