CVE-2021-3621 log

Severity Medium
Remote No
Type Privilege escalation
A security issue was found in SSSD before version 2.6.0, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access.
Group Package Affected Fixed Severity Status Ticket
AVG-2314 sssd 2.5.2-2 2.6.0-1 Medium Fixed