CVE-2021-32056

Опубликовано: 10 мая 2021

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.

Ссылки

https://cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released
Patch
Release Notes
Vendor Advisory
https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released
Patch
Release Notes
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/
https://www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html
Patch
Release Notes
Vendor Advisory
https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html
Patch
Release Notes
Vendor Advisory
https://cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released
Patch
Release Notes
Vendor Advisory
https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released
Patch
Release Notes
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/
https://www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html
Patch
Release Notes
Vendor Advisory
https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html
Patch
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cyrus:imap:*:*:*:*:*:*:*:*

Версия до 3.2.7 (исключая)

cpe:2.3:a:cyrus:imap:*:*:*:*:*:*:*:*

Версия от 3.3.0 (включая) до 3.4.1 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00208

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

CVE-2021-32056

CVSS3: 4.3

ubuntu

больше 4 лет назад

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.

CVE-2021-32056

CVSS3: 4.3

redhat

больше 4 лет назад

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.

CVE-2021-32056

CVSS3: 4.3

debian

больше 4 лет назад

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remo ...

GHSA-v3j8-2g92-h2q8

CVSS3: 4.3

github

больше 3 лет назад

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.

BDU:2021-04683

CVSS3: 4.3

fstec

почти 5 лет назад

Уязвимость аннотации сервера почтового сервера Cyrus IMAP, связанная с неправильным присвоением разрешений для критичного ресурса, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 43%

0.00208

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-732