{"api_version":"1","generated_at":"2026-04-23T01:13:06+00:00","cve":"CVE-2021-3560","urls":{"html":"https://cve.report/CVE-2021-3560","api":"https://cve.report/api/cve/CVE-2021-3560.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-3560","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-3560"},"summary":{"title":"CVE-2021-3560","description":"It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2022-02-16 19:15:00","updated_at":"2023-11-07 03:38:00"},"problem_types":["CWE-754"],"metrics":[],"references":[{"url":"http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html","name":"http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html","refsource":"","tags":[],"title":"Facebook Fizz Denial Of Service ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html","name":"http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html","refsource":"MISC","tags":[],"title":"polkit Authentication Bypass ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961710","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1961710","refsource":"MISC","tags":["Issue Tracking","Patch","Vendor Advisory"],"title":"1961710 – (CVE-2021-3560) CVE-2021-3560 polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync()","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/","name":"https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug | The GitHub Blog","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-3560","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3560","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"3560","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"20.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3560","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3560","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"polkit_project","cpe5":"polkit","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3560","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3560","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3560","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift_container_platform","cpe6":"4.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3560","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"virtualization","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3560","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"virtualization_host","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2021","cve_id":"3560","cve":"CVE-2021-3560","vendorProject":"Red Hat","product":"Polkit","vulnerabilityName":"Red Hat Polkit Incorrect Authorization Vulnerability","dateAdded":"2023-05-12","shortDescription":"Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2023-06-02","knownRansomwareCampaignUse":"Unknown","notes":"https://bugzilla.redhat.com/show_bug.cgi?id=1961710; https://nvd.nist.gov/vuln/detail/CVE-2021-3560","cwes":"CWE-863","catalogVersion":"2026.04.22","updated_at":"2026-04-22 20:03:10"},"epss":{"cve_year":"2021","cve_id":"3560","cve":"CVE-2021-3560","epss":"0.072660000","percentile":"0.916610000","score_date":"2026-04-22","updated_at":"2026-04-23 00:03:16"},"legacy_qids":[{"cve":"CVE-2021-3560","qid":"159244","title":"Oracle Enterprise Linux Security Update for polkit (ELSA-2021-2238)"},{"cve":"CVE-2021-3560","qid":"179889","title":"Debian Security Update for policykit-1 (CVE-2021-3560)"},{"cve":"CVE-2021-3560","qid":"198399","title":"Ubuntu Security Notification for polkit vulnerability (USN-4980-1)"},{"cve":"CVE-2021-3560","qid":"239363","title":"Red Hat Update for polkit (RHSA-2021:2238)"},{"cve":"CVE-2021-3560","qid":"239364","title":"Red Hat Update for polkit (RHSA-2021:2237)"},{"cve":"CVE-2021-3560","qid":"239365","title":"Red Hat Update for polkit (RHSA-2021:2236)"},{"cve":"CVE-2021-3560","qid":"239490","title":"Red Hat Update for OpenShift Container Platform 4.7.19 (RHSA-2021:2555)"},{"cve":"CVE-2021-3560","qid":"281486","title":"Fedora Security Update for polkit (FEDORA-2021-0ec5a8a74b)"},{"cve":"CVE-2021-3560","qid":"281706","title":"Fedora Security Update for polkit (FEDORA-2021-3f8d6016c9)"},{"cve":"CVE-2021-3560","qid":"296053","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 35.94.4 Missing (CPUJUL2021)"},{"cve":"CVE-2021-3560","qid":"376987","title":"Alibaba Cloud Linux Security Update for polkit (ALINUX3-SA-2021:0035)"},{"cve":"CVE-2021-3560","qid":"501899","title":"Alpine Linux Security Update for polkit"},{"cve":"CVE-2021-3560","qid":"670553","title":"EulerOS Security Update for polkit (EulerOS-SA-2021-2311)"},{"cve":"CVE-2021-3560","qid":"670779","title":"EulerOS Security Update for polkit (EulerOS-SA-2021-2537)"},{"cve":"CVE-2021-3560","qid":"670803","title":"EulerOS Security Update for polkit (EulerOS-SA-2021-2561)"},{"cve":"CVE-2021-3560","qid":"690112","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for polkit (36a35d83-c560-11eb-84ab-e0d55e2a8bf9)"},{"cve":"CVE-2021-3560","qid":"710037","title":"Gentoo Linux polkit Privilege escalation (GLSA 202107-31)"},{"cve":"CVE-2021-3560","qid":"750102","title":"SUSE Enterprise Linux Security Update for polkit (SUSE-SU-2021:1844-1)"},{"cve":"CVE-2021-3560","qid":"750103","title":"SUSE Enterprise Linux Security Update for polkit (SUSE-SU-2021:1842-1)"},{"cve":"CVE-2021-3560","qid":"750104","title":"SUSE Enterprise Linux Security Update for polkit (SUSE-SU-2021:1843-1)"},{"cve":"CVE-2021-3560","qid":"750173","title":"OpenSUSE Security Update for polkit (openSUSE-SU-2021:0838-1)"},{"cve":"CVE-2021-3560","qid":"750763","title":"OpenSUSE Security Update for polkit (openSUSE-SU-2021:1843-1)"},{"cve":"CVE-2021-3560","qid":"770072","title":"Red Hat OpenShift Container Platform 4.7 Security Update (RHSA-2021:2555)"},{"cve":"CVE-2021-3560","qid":"770103","title":"Red Hat OpenShift Container Platform 4.7 Security Update (RHSA-2021-2555)"},{"cve":"CVE-2021-3560","qid":"900684","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for polkit (8686)"},{"cve":"CVE-2021-3560","qid":"940425","title":"AlmaLinux Security Update for polkit (ALSA-2021:2238)"},{"cve":"CVE-2021-3560","qid":"960004","title":"Rocky Linux Security Update for polkit (RLSA-2021:2238)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-3560","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"polkit","version":{"version_data":[{"version_value":"polkit 0.119"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-863"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1961710","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961710"},{"refsource":"MISC","name":"https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/","url":"https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html","url":"http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html"}]},"description":{"description_data":[{"lang":"eng","value":"It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}]}},"nvd":{"publishedDate":"2022-02-16 19:15:00","lastModifiedDate":"2023-11-07 03:38:00","problem_types":["CWE-754"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*","versionEndExcluding":"0.119","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"3560","Ordinal":"208879","Title":"CVE-2021-3560","CVE":"CVE-2021-3560","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"3560","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}