Vulnerability Description
In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Openwhisk | <= 1.3.0 |
References
- http://www.securityfocus.com/bid/104913Third Party AdvisoryVDB Entry
- https://github.com/apache/incubator-openwhisk-runtime-docker/commit/891896f25c39PatchThird Party Advisory
- https://lists.apache.org/thread.html/0b6d8a677f1c063ed32eb3638ef4d1a47dfba8907de
- https://www.puresec.io/hubfs/Apache%20OpenWhisk%20PureSec%20Security%20Advisory.MitigationTechnical DescriptionThird Party Advisory
- http://www.securityfocus.com/bid/104913Third Party AdvisoryVDB Entry
- https://github.com/apache/incubator-openwhisk-runtime-docker/commit/891896f25c39PatchThird Party Advisory
- https://lists.apache.org/thread.html/0b6d8a677f1c063ed32eb3638ef4d1a47dfba8907de
FAQ
What is CVE-2018-11757?
CVE-2018-11757 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the con...
How severe is CVE-2018-11757?
CVE-2018-11757 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-11757?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Openwhisk.