CVE-2019-18928

CRITICAL

9.8

Description

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie11/15/2019

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

cyrus:imapdebian:debian_linuxfedoraproject:fedora

References

https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html(cve@mitre.org)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAGKPZDXQ6KRUGQVRAO6N4PCINP6KS5F/(cve@mitre.org)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHV3TUU53WCKJ3BBRK2EHAF44MSZEFK6/(cve@mitre.org)

https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.14.html(cve@mitre.org)

https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.12.html(cve@mitre.org)

https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html(af854a3a-2127-422b-91ae-364da2661108)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAGKPZDXQ6KRUGQVRAO6N4PCINP6KS5F/(af854a3a-2127-422b-91ae-364da2661108)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHV3TUU53WCKJ3BBRK2EHAF44MSZEFK6/(af854a3a-2127-422b-91ae-364da2661108)

https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.14.html(af854a3a-2127-422b-91ae-364da2661108)

https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.12.html(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.