cPanel prior to 71.9980.37 allows malicious users to read root's crontab file by leveraging ClamAV installation (SEC-408).
cpanel cpanel