Vulnerabilities > CVE-2018-11757 - Unspecified vulnerability in Apache Openwhisk

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

apache

critical

NVD

Published: 2018-07-23

Updated: 2023-11-07

Summary

In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Openwhisk 1.0.0 Apache Openwhisk 1.1.0 Apache Openwhisk 1.2.0 Apache Openwhisk 1.3.0	4

References

https://www.puresec.io/hubfs/Apache%20OpenWhisk%20PureSec%20Security%20Advisory.pdf
https://github.com/apache/incubator-openwhisk-runtime-docker/commit/891896f25c39bc336ef6dda53f80f466ac4ca3c8
http://www.securityfocus.com/bid/104913
https://lists.apache.org/thread.html/0b6d8a677f1c063ed32eb3638ef4d1a47dfba8907de4b222ddd24b05%40%3Cdev.openwhisk.apache.org%3E