cPanel prior to 82.0.18 allows malicious users to conduct arbitrary chown operations as root during log processing (SEC-532).
cpanel cpanel