HTTP Request Privilege Escalation in Cyrus IMAP 2.5.x and 3.x
CVE-2019-18928 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.
Learn more about our Web Application Penetration Testing UK.