CVE-2019-18928

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-18928
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18928.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-18928
Downstream
Related
Published
2019-11-15T04:15:10Z
Modified
2025-10-15T10:38:59.927899Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.

References

Affected packages

Git / github.com/cyrusimap/cyrus-imapd

Affected ranges

Type
GIT
Repo
https://github.com/cyrusimap/cyrus-imapd
Events
Introduced
5549888feb02784120b7ef0c8a26390b83125108
Fixed
8bec158a9339eb6b9c4812b8339cb4d442e543ac

Affected versions

cyrus-imapd-2.*

cyrus-imapd-2.5.0
cyrus-imapd-2.5.1
cyrus-imapd-2.5.10
cyrus-imapd-2.5.11
cyrus-imapd-2.5.12
cyrus-imapd-2.5.13
cyrus-imapd-2.5.2
cyrus-imapd-2.5.3
cyrus-imapd-2.5.4
cyrus-imapd-2.5.5
cyrus-imapd-2.5.6
cyrus-imapd-2.5.7
cyrus-imapd-2.5.8
cyrus-imapd-2.5.9