CVE-2019-18928
CRITICAL 9.8 | EPSS 0.39% | cyrus-imapd - security update
Published: 11/15/2019 | Modified: 4/28/2026
Also known as: DEBIAN-CVE-2019-18928
Description
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.
Affected packages (2)
- Debian/cyrus-imapd from 0, < 3.0.12-1
- Debian/cyrus-imapd from 0, < 2.5.10-3+deb9u3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |