In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368).Referenceshttps://documentation.cpanel.net/display/CL/70+Change+Log
