cPanel prior to 68.0.27 allows malicious users to read a copy of httpd.conf that is created during a syntax test (SEC-353).
cpanel cpanel