It has been brought to our attention that a security vulnerability exists in the cPanel Varnish script. It affects Varnish releases 1.8.0-4. 1.2.2b, and older. We urge our subscribers to upgrade to the latest available release. Releases 1.8.0-5 and 1.2.4b have been listed as CRITICAL.
The vulnerability can exploited when you have explicitly granted your reseller(s) root PHP access in WHM or if an insecure plugin has disabled this security feature. More information has been made available in the announcement section at https://www.unixy.net/secure/announcements/12/cPanel-Varnish-Plugin-Security-Release—Important.html