Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.
References
Link | Resource |
---|---|
https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released | Patch Release Notes Vendor Advisory |
https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html | Patch Release Notes Vendor Advisory |
https://www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html | Patch Release Notes Vendor Advisory |
https://cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released | Patch Release Notes Vendor Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/ | Mailing List Third Party Advisory |
Information
Published : 2021-05-10 07:15
Updated : 2022-04-01 06:58
NVD link : CVE-2021-32056
Mitre link : CVE-2021-32056
JSON object : View
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource
Products Affected
cyrus
- imap
fedoraproject
- fedora