CVE-2021-32056

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.

Published: May 10, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-32056
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

CWEs:

CWE-732

Affected Software
References

Software	From	Fixed in
cyrus / imap	3.3.0	3.4.1
cyrus / imap	-	3.2.7
fedoraproject / fedora	34	34.x
fedoraproject / fedora	35	35.x

https://cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released
https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released
https://lists.fedoraproject.org/archives/list/[email protected]/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/
https://lists.fedoraproject.org/archives/list/[email protected]/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/
https://www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html
https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html

Vulnerability Database

289,697

CVE-2021-32056