Vulnerability CVE-2019-18928


Published: 2019-11-15   Modified: 2019-11-16

Description:
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.

Type:
CWE-269 (Improper Privilege Management)

CVSS2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Cyrus -> IMAP

References:
https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.14.html
https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.12.html

Copyright 2021, cxsecurity.com

 
