QwikSec

Security Database

CVE

CWE

Training

CVE-2021-3621

Published: Dec 23, 2021

Modified: Nov 3, 2025

PUBLISHED

Description

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Vendor	Product	Versions
n/a	sssd	affected `sssd 2.6.0`

Weaknesses (CWE)

References

https://sssd.io/release-notes/sssd-2.6.0.html

https://bugzilla.redhat.com/show_bug.cgi?id=1975142

[debian-lts-announce] 20230529 [SECURITY] [DLA 3436-1] sssd security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.