Back to search
CVE-2019-13509
Published: Jul 18, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://docs.docker.com/engine/release-notes/
x_refsource_MISC
109253
vdb-entry
x_refsource_BID
FEDORA-2019-5b54793a4a
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-4bed83e978
vendor-advisory
x_refsource_FEDORA
https://security.netapp.com/advisory/ntap-20190828-0003/
x_refsource_CONFIRM
openSUSE-SU-2019:2021
vendor-advisory
x_refsource_SUSE
DSA-4521
vendor-advisory
x_refsource_DEBIAN
20190910 [SECURITY] [DSA 4521-1] docker.io security update
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now