{"id":"CVE-2021-3621","details":"A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.","modified":"2026-04-16T04:36:52.598259493Z","published":"2021-12-23T21:15:08.920Z","related":["ALSA-2021:3151","SUSE-RU-2021:3185-1","SUSE-SU-2021:2873-1","SUSE-SU-2021:2941-1","SUSE-SU-2022:0826-1","SUSE-SU-2022:1258-1","SUSE-SU-2022:2763-1","openSUSE-SU-2021:2941-1","openSUSE-SU-2024:13446-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00008.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"},{"type":"ADVISORY","url":"https://sssd.io/release-notes/sssd-2.6.0.html"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975142"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sssd/sssd","events":[{"introduced":"0"},{"last_affected":"bd71ae53fc0b4bf58633bfd957f7eb1745814dfa"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.6.0"}]}}],"versions":["2.4.1","2.4.2","2.5.0","2.5.1","2.5.2","2.6.0","sssd-0_2_0","sssd-0_2_1","sssd-0_3_1","sssd-0_3_2","sssd-0_3_3","sssd-0_4_0","sssd-0_4_1","sssd-0_5_0","sssd-0_6_0","sssd-0_7_0","sssd-0_99_0","sssd-1_0_99","sssd-1_10_0","sssd-1_10_90","sssd-1_10_92","sssd-1_10_alpha1","sssd-1_10_beta1","sssd-1_10_beta2","sssd-1_11_0","sssd-1_11_0_beta1","sssd-1_11_0_beta2","sssd-1_11_90","sssd-1_11_91","sssd-1_12_0","sssd-1_12_0_beta1","sssd-1_12_0_beta2","sssd-1_12_1","sssd-1_12_2","sssd-1_12_3","sssd-1_12_90","sssd-1_13_0","sssd-1_13_0_alpha","sssd-1_13_1","sssd-1_13_90","sssd-1_13_91","sssd-1_14_0","sssd-1_14_0_alpha1","sssd-1_14_0_beta1","sssd-1_14_1","sssd-1_14_2","sssd-1_15_0","sssd-1_15_1","sssd-1_15_2","sssd-1_15_3","sssd-1_16_0","sssd-1_16_1","sssd-1_16_2","sssd-1_16_3","sssd-1_2_91","sssd-1_3_0","sssd-1_4_0","sssd-1_5_0","sssd-1_5_1","sssd-1_6_0","sssd-1_8_91","sssd-1_8_92","sssd-1_8_93","sssd-1_8_94","sssd-1_8_95","sssd-1_8_96","sssd-1_8_97","sssd-1_8_98","sssd-1_9_0","sssd-1_9_0_beta1","sssd-1_9_0_beta2","sssd-1_9_0_beta3","sssd-1_9_0_beta4","sssd-1_9_0_beta5","sssd-1_9_0_beta6","sssd-1_9_0_beta7","sssd-1_9_0_rc1","sssd-1_9_1","sssd-1_9_2","sssd-1_9_91","sssd-1_9_92","sssd-1_9_93","sssd-1_9_94","sssd-2_1_0","sssd-2_2_0","sssd-2_2_1","sssd-2_2_2","sssd-2_2_3","sssd-2_3_0","sssd-2_3_1","sssd-2_4_0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3621.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}