CVE-2021-3621

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-3621
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3621.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-3621
Downstream
Related
Published
2021-12-23T21:15:08.920Z
Modified
2026-04-16T00:06:27.593260446Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Database specific 
{
    "unresolved_ranges": [
        {
            "cpe": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "4.0"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "4.0"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "34"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "6.0"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.1"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.2"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.2"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.4"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.2"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.4"
                }
            ],
            "source": "CPE_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/sssd/sssd

Affected ranges

Type
GIT
Repo
https://github.com/sssd/sssd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bd71ae53fc0b4bf58633bfd957f7eb1745814dfa
Database specific 
{
    "cpe": "cpe:2.3:a:fedoraproject:sssd:2.6.0:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.6.0"
        }
    ],
    "source": "CPE_FIELD"
}

Affected versions

2.*
2.4.1
2.4.2
2.5.0
2.5.1
2.5.2
2.6.0
Other
sssd-0_2_0
sssd-0_2_1
sssd-0_3_1
sssd-0_3_2
sssd-0_3_3
sssd-0_4_0
sssd-0_4_1
sssd-0_5_0
sssd-0_6_0
sssd-0_7_0
sssd-0_99_0
sssd-1_0_99
sssd-1_10_0
sssd-1_10_90
sssd-1_10_92
sssd-1_10_alpha1
sssd-1_10_beta1
sssd-1_10_beta2
sssd-1_11_0
sssd-1_11_0_beta1
sssd-1_11_0_beta2
sssd-1_11_90
sssd-1_11_91
sssd-1_12_0
sssd-1_12_0_beta1
sssd-1_12_0_beta2
sssd-1_12_1
sssd-1_12_2
sssd-1_12_3
sssd-1_12_90
sssd-1_13_0
sssd-1_13_0_alpha
sssd-1_13_1
sssd-1_13_90
sssd-1_13_91
sssd-1_14_0
sssd-1_14_0_alpha1
sssd-1_14_0_beta1
sssd-1_14_1
sssd-1_14_2
sssd-1_15_0
sssd-1_15_1
sssd-1_15_2
sssd-1_15_3
sssd-1_16_0
sssd-1_16_1
sssd-1_16_2
sssd-1_16_3
sssd-1_2_91
sssd-1_3_0
sssd-1_4_0
sssd-1_5_0
sssd-1_5_1
sssd-1_6_0
sssd-1_8_91
sssd-1_8_92
sssd-1_8_93
sssd-1_8_94
sssd-1_8_95
sssd-1_8_96
sssd-1_8_97
sssd-1_8_98
sssd-1_9_0
sssd-1_9_0_beta1
sssd-1_9_0_beta2
sssd-1_9_0_beta3
sssd-1_9_0_beta4
sssd-1_9_0_beta5
sssd-1_9_0_beta6
sssd-1_9_0_beta7
sssd-1_9_0_rc1
sssd-1_9_1
sssd-1_9_2
sssd-1_9_91
sssd-1_9_92
sssd-1_9_93
sssd-1_9_94
sssd-2_1_0
sssd-2_2_0
sssd-2_2_1
sssd-2_2_2
sssd-2_2_3
sssd-2_3_0
sssd-2_3_1
sssd-2_4_0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3621.json"