CVE-2021-32056
Published: 10 May 2021
Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
cyrus-imapd Launchpad, Ubuntu, Debian |
bionic |
Needed
|
| focal |
Needed
|
|
| groovy |
Ignored
(end of life)
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needed
|
|
| kinetic |
Ignored
(end of life, was needed)
|
|
| lunar |
Ignored
(end of life, was needed)
|
|
| mantic |
Needed
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(3.2.7, 3.4.1)
|
|
| xenial |
Ignored
(end of standard support)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 4.3 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
References
- https://github.com/cyrusimap/cyrus-imapd/commit/621f9e41465b521399f691c241181300fab55995
- https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released
- https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html
- https://www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html
- https://cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released
- https://www.cve.org/CVERecord?id=CVE-2021-32056
- NVD
- Launchpad
- Debian