Lucene search

GoogleOSV:CVE-2021-32056

HistoryMay 10, 2021 - 2:15 p.m.

CVE-2021-32056

2021-05-1014:15:07

Google

osv.dev

cyrus imap

remote authenticated users

access restrictions

server annotations

replication stall

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

44.9%

JSON

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.

References

cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released

cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/

www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html

www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html