Server Annotation Access Restriction Bypass in Cyrus IMAP

Server Annotation Access Restriction Bypass in Cyrus IMAP

CVE-2021-32056 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.

Learn more about our Cis Benchmark Audit For Server Software.