CVE-2019-18928
CRITICAL9.8EPSS 0.39%cyrus-imapd - security update
發布日:2019/11/15修改日:2026/4/28
也稱為:DEBIAN-CVE-2019-18928
描述
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.
受影響套件(2)
- Debian/cyrus-imapdfrom 0, < 3.0.12-1
- Debian/cyrus-imapdfrom 0, < 2.5.10-3+deb9u3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |