cPanel prior to 68.0.27 allows malicious users to read the SRS secret via exim.conf (SEC-308).
cpanel cpanel