Cyrus IMAP is vulnerable to authorization bypass. A remote authenticated user is able to bypass intended access restrictions on server annotations and consequently cause replication to stall.
bugzilla.redhat.com/show_bug.cgi?id=1959138
cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released
cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released
lists.fedoraproject.org/archives/list/[email protected]/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/
lists.fedoraproject.org/archives/list/[email protected]/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/
security-tracker.debian.org/tracker/CVE-2021-32056
www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html
www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html