CVE-2019-18928 — CRITICAL (9.8)

Q: How severe is CVE-2019-18928?

CVE-2019-18928 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2019-18928?

Check the references section above for vendor advisories and patch information. Affected products include: Cyrus Imap, Fedoraproject Fedora, Debian Debian Linux.

Vulnerability Description

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cyrus	Imap	>= 2.5.0, < 2.5.14
Fedoraproject	Fedora	30
Debian	Debian Linux	9.0

References

https://lists.debian.org/debian-lts-announce/2022/06/msg00013.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.14.htmlPatchRelease NotesThird Party Advisory
https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.12.htmlPatchRelease NotesThird Party Advisory
https://lists.debian.org/debian-lts-announce/2022/06/msg00013.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.14.htmlPatchRelease NotesThird Party Advisory
https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.12.htmlPatchRelease NotesThird Party Advisory

FAQ

What is CVE-2019-18928?

CVE-2019-18928 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived ...

How severe is CVE-2019-18928?

CVE-2019-18928 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-18928?

Check the references section above for vendor advisories and patch information. Affected products include: Cyrus Imap, Fedoraproject Fedora, Debian Debian Linux.