Lucene search

Veracode Vulnerability DatabaseVERACODE:30426

HistoryMay 13, 2021 - 7:04 a.m.

Authorization Bypass

2021-05-1307:04:29

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cyrus imap

authorization bypass

remote user

access restrictions

replication stall

EPSS

0.001

Percentile

44.9%

JSON

Cyrus IMAP is vulnerable to authorization bypass. A remote authenticated user is able to bypass intended access restrictions on server annotations and consequently cause replication to stall.

References

bugzilla.redhat.com/show_bug.cgi?id=1959138

cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released

cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released

lists.fedoraproject.org/archives/list/[email protected]/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/

lists.fedoraproject.org/archives/list/[email protected]/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/

security-tracker.debian.org/tracker/CVE-2021-32056

www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html

www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html

EPSS

0.001

Percentile

44.9%

JSON

Related for VERACODE:30426