CVE-2019-13509
published 2019-07-18


Priority: P344, high, 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 3.65% (88.2th percentile)

In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | docker.io | < docker.io 18.09.1+dfsg1-8 (bookworm) | docker.io 18.09.1+dfsg1-8 (bookworm) |
| docker | docker | < 18.09.8 | 18.09.8 |
| docker | docker | | |
| docker | docker | | |
| docker | docker | | |
| docker | docker | >= 18.09.0 < 18.09.8 | 18.09.8 |
| github.com | docker_docker | >= 0 < 18.09.8 | 18.09.8 |
| msrc | cbl_mariner_1.0_arm | | |
| msrc | cbl_mariner_1.0_x64 | | |
| msrc | cm1_moby-buildx_0.4.1+azure-3_on_cbl_mariner_1.0 | | |

CVSS provenance

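| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_msrc | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |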