Apache OpenWhisk Action Mutability Weakness

GQSyN4j6Cqc/default.jpg

Apache OpenWhisk is a serverless, open source cloud platform that executes functions in response to events at any scale. OpenWhisk is a cloud-first distributed event-based programming service. It provides a programming model to upload event handlers to a cloud service, and register the handlers to respond to various events.

PureSec recently discovered that under certain conditions (specified below), a remote attacker may overwrite the source code of the action (serverless function) being executed and influence subsequent executions of the same function in the same container.

GQSyN4j6Cqc/default.jpg
Apache OpenWhisk Action Mutability Weakness Apache OpenWhisk Action Mutability Weakness Reviewed by Anonymous on July 24, 2018 Rating: 5