CVE-2019-18928 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-18928 Interim 1 5 2025-04-04T23:29:15Z current 2023-10-31T00:42:09Z 2025-04-04T23:29:15Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-18928 Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 8 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Server 11 SP4 LTSS SUSE Linux Enterprise Server 12 SP1-LTSS openSUSE Tumbleweed cyradm-3.8.4-1.1 cyrus-imapd cyrus-imapd-3.0.7-19.el8 cyrus-imapd-3.8.4-1.1 cyrus-imapd-devel-3.8.4-1.1 cyrus-imapd-snmp-3.8.4-1.1 cyrus-imapd-snmp-mibs-3.8.4-1.1 cyrus-imapd-utils-3.0.7-19.el8 cyrus-imapd-utils-3.8.4-1.1 cyrus-imapd-vzic-3.0.7-19.el8 libcyrus0-3.8.4-1.1 perl-Cyrus-Annotator-3.8.4-1.1 perl-Cyrus-IMAP perl-Cyrus-IMAP-3.8.4-1.1 perl-Cyrus-SIEVE-managesieve perl-Cyrus-SIEVE-managesieve-3.8.4-1.1 cyrus-imapd-3.0.7-19.el8 as a component of SUSE Liberty Linux 8 cyrus-imapd-utils-3.0.7-19.el8 as a component of SUSE Liberty Linux 8 cyrus-imapd-vzic-3.0.7-19.el8 as a component of SUSE Liberty Linux 8 cyradm-3.8.4-1.1 as a component of openSUSE Tumbleweed cyrus-imapd-3.8.4-1.1 as a component of openSUSE Tumbleweed cyrus-imapd-devel-3.8.4-1.1 as a component of openSUSE Tumbleweed cyrus-imapd-snmp-3.8.4-1.1 as a component of openSUSE Tumbleweed cyrus-imapd-snmp-mibs-3.8.4-1.1 as a component of openSUSE Tumbleweed cyrus-imapd-utils-3.8.4-1.1 as a component of openSUSE Tumbleweed libcyrus0-3.8.4-1.1 as a component of openSUSE Tumbleweed perl-Cyrus-Annotator-3.8.4-1.1 as a component of openSUSE Tumbleweed perl-Cyrus-IMAP-3.8.4-1.1 as a component of openSUSE Tumbleweed perl-Cyrus-SIEVE-managesieve-3.8.4-1.1 as a component of openSUSE Tumbleweed cyrus-imapd as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata cyrus-imapd as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata cyrus-imapd as a component of SUSE Linux Enterprise Server 11 SP4 LTSS perl-Cyrus-IMAP as a component of SUSE Linux Enterprise Server 12 SP1-LTSS perl-Cyrus-SIEVE-managesieve as a component of SUSE Linux Enterprise Server 12 SP1-LTSS cyrus-imapd as a component of SUSE Linux Enterprise Server 12 SP1-LTSS Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection. CVE-2019-18928 SUSE Liberty Linux 8:cyrus-imapd-3.0.7-19.el8 SUSE Liberty Linux 8:cyrus-imapd-utils-3.0.7-19.el8 SUSE Liberty Linux 8:cyrus-imapd-vzic-3.0.7-19.el8 openSUSE Tumbleweed:cyradm-3.8.4-1.1 openSUSE Tumbleweed:cyrus-imapd-3.8.4-1.1 openSUSE Tumbleweed:cyrus-imapd-devel-3.8.4-1.1 openSUSE Tumbleweed:cyrus-imapd-snmp-3.8.4-1.1 openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-3.8.4-1.1 openSUSE Tumbleweed:cyrus-imapd-utils-3.8.4-1.1 openSUSE Tumbleweed:libcyrus0-3.8.4-1.1 openSUSE Tumbleweed:perl-Cyrus-Annotator-3.8.4-1.1 openSUSE Tumbleweed:perl-Cyrus-IMAP-3.8.4-1.1 openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-3.8.4-1.1 SUSE Linux Enterprise Server 11 SP1 for Teradata:cyrus-imapd SUSE Linux Enterprise Server 11 SP3 for Teradata:cyrus-imapd SUSE Linux Enterprise Server 11 SP4 LTSS:cyrus-imapd SUSE Linux Enterprise Server 12 SP1-LTSS:cyrus-imapd SUSE Linux Enterprise Server 12 SP1-LTSS:perl-Cyrus-IMAP SUSE Linux Enterprise Server 12 SP1-LTSS:perl-Cyrus-SIEVE-managesieve critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H