PT-2018-10807 · Docker+1 · Docker+2

Published

2018-07-23

Updated

2019-10-03

CVE-2018-11756

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions openwhisk/action-php-v7.2 versions 1.0.0 and earlier openwhisk/action-php-v7.1 versions 1.0.1 and earlier

Description The issue allows an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation. This can occur in Docker actions that inherit from specific Docker tags.

Recommendations For openwhisk/action-php-v7.2 version 1.0.0 and earlier, consider updating to a newer version to prevent code exploitation. For openwhisk/action-php-v7.1 version 1.0.1 and earlier, consider updating to a newer version to prevent code exploitation. As a temporary workaround, consider restricting the use of user code that is vulnerable to code exploitation until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-11756

Affected Products

Docker

Openwhisk/Action-Php-V7.1

Openwhisk/Action-Php-V7.2

PT-2018-10807 · Docker+1 · Docker+2

CVE-2018-11756

Related Identifiers

Affected Products

References · 7