Several critical XSS security issues have been identified that affects all versions of MediaCP Audio and Video Panel.
The security vulnerabilities may allow an unauthorized attacker to gain admin access to the MediaCP software.
We have published new minor updates to the LTS, Stable, and Latest release tiers and urge all customers to upgrade MediaCP immediately.
Severity: Critical
Versions Affected: <= 2.13.13, <= 2.14.8, <= 2.15.1
References: MCP-2970, MCP-2969
What should I do?
You should upgrade MediaCP immediately, as soon as possible.
If you are unable to upgrade due to an unsupported operating system we do have two hot-fixes available for 2.13.x and 2.14.x
2.13.x Hot-fix:
- Access your server over SSH as the root user
- Run
the following to apply the hot-fix
bash <(curl -s https://mirror.mediacp.net/download/hotfix/MCP-2969-2970-2980-21314.txt?v1)
2.14.x Hot-fix:
- Access your server over SSH as the root user
- Run
the following to apply the hot-fix
bash <(curl -s https://mirror.mediacp.net/download/hotfix/MCP-2969-2970-2980-2149.txt?v2)
Can the hot-fix be applied to earlier versions?
The hot-fixes are built specifically for the currently supported releases of 2.13, 2.14, and 2.15 and may not be compatible. We do not recommend applying the hot-fix to versions earlier than 2.13.
