Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.
References
Link | Resource |
---|---|
https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAGKPZDXQ6KRUGQVRAO6N4PCINP6KS5F/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHV3TUU53WCKJ3BBRK2EHAF44MSZEFK6/ | |
https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.14.html | Patch Release Notes Third Party Advisory |
https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.12.html | Patch Release Notes Third Party Advisory |
Configurations
History
07 Nov 2023, 03:07
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
10 Feb 2023, 03:06
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html - Mailing List, Third Party Advisory |
29 Nov 2022, 19:19
Type | Values Removed | Values Added |
---|---|---|
First Time |
Debian
Debian debian Linux Fedoraproject Fedoraproject fedora |
|
CPE | cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHV3TUU53WCKJ3BBRK2EHAF44MSZEFK6/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAGKPZDXQ6KRUGQVRAO6N4PCINP6KS5F/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html - Third Party Advisory |
20 Jun 2022, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-11-15 04:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-18928
Mitre link : CVE-2019-18928
CVE.ORG link : CVE-2019-18928
JSON object : View
Products Affected
fedoraproject
- fedora
cyrus
- imap
debian
- debian_linux
CWE