vulnerability
Ubuntu: USN-7224-1 (CVE-2019-18928): Cyrus IMAP Server vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Nov 15, 2019 | Nov 19, 2024 | Mar 27, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Nov 15, 2019
Added
Nov 19, 2024
Modified
Mar 27, 2026
Description
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.
Solutions
ubuntu-pro-upgrade-cyrus-caldavubuntu-pro-upgrade-cyrus-clientsubuntu-pro-upgrade-cyrus-commonubuntu-pro-upgrade-cyrus-devubuntu-pro-upgrade-cyrus-imapdubuntu-pro-upgrade-cyrus-murderubuntu-pro-upgrade-cyrus-nntpdubuntu-pro-upgrade-cyrus-pop3dubuntu-pro-upgrade-cyrus-replicationubuntu-pro-upgrade-libcyrus-imap-perl
References
- CVE-2019-18928
- https://attackerkb.com/topics/CVE-2019-18928
- EUVD-EUVD-2019-8601
- UBUNTU-USN-7224-1
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2019-8601
- https://www.cve.org/CVERecord?id=CVE-2019-18928
- https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.14.html
- https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.12.html
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.