CVE-2021-32056
Publication date 10 May 2021
Last updated 25 August 2025
Ubuntu priority
Description
Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| cyrus-imapd | 24.04 LTS noble |
Not affected
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty | Not in release |
Severity score breakdown
CVSS version: CVSS v3.0
Base score
4.3 · Medium
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
References
Other references
- https://github.com/cyrusimap/cyrus-imapd/commit/621f9e41465b521399f691c241181300fab55995
- https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released
- https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html
- https://www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html
- https://cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released
- https://www.cve.org/CVERecord?id=CVE-2021-32056