{"id":"CVE-2019-18928","details":"Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.","modified":"2026-03-14T09:34:52.199265Z","published":"2019-11-15T04:15:10.267Z","related":["openSUSE-SU-2025:14968-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAGKPZDXQ6KRUGQVRAO6N4PCINP6KS5F/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHV3TUU53WCKJ3BBRK2EHAF44MSZEFK6/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html"},{"type":"FIX","url":"https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.14.html"},{"type":"FIX","url":"https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.12.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cyrusimap/cyrus-imapd","events":[{"introduced":"5549888feb02784120b7ef0c8a26390b83125108"},{"fixed":"8bec158a9339eb6b9c4812b8339cb4d442e543ac"},{"introduced":"65c252b8a3a05c09b3425ce96e1dc6a11dabbe4a"},{"fixed":"1b3505c9d82118535791ac7c66519865f51d02f4"}],"database_specific":{"versions":[{"introduced":"2.5.0"},{"fixed":"2.5.14"},{"introduced":"3.0.0"},{"fixed":"3.0.12"}]}}],"versions":["cyrus-imapd-2.5.0","cyrus-imapd-2.5.1","cyrus-imapd-2.5.10","cyrus-imapd-2.5.11","cyrus-imapd-2.5.12","cyrus-imapd-2.5.13","cyrus-imapd-2.5.2","cyrus-imapd-2.5.3","cyrus-imapd-2.5.4","cyrus-imapd-2.5.5","cyrus-imapd-2.5.6","cyrus-imapd-2.5.7","cyrus-imapd-2.5.8","cyrus-imapd-2.5.9","cyrus-imapd-3.0.0","cyrus-imapd-3.0.1","cyrus-imapd-3.0.10","cyrus-imapd-3.0.11","cyrus-imapd-3.0.2","cyrus-imapd-3.0.3","cyrus-imapd-3.0.4","cyrus-imapd-3.0.5","cyrus-imapd-3.0.6","cyrus-imapd-3.0.7","cyrus-imapd-3.0.8","cyrus-imapd-3.0.9"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"30"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-18928.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}