CVE-2019-13509 — Log File Information Exposure in Docker Docker
Severity
7.5HIGHNVD
EPSS
1.6%
top 18.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 18
Latest updateMay 24
Description
In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages2 packages
🔴Vulnerability Details
4📋Vendor Advisories
3Red Hat▶
docker: Docker Engine in debug mode may sometimes add secrets to the debug log leading to information disclosure↗2019-07-23
Microsoft▶
In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10) Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a s↗2019-07-09
Debian▶
CVE-2019-13509: docker.io - In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 an...↗2019
💬Community
3Bugzilla▶
CVE-2019-13509 docker: Docker Engine in debug mode may sometimes add secrets to the debug log leading to information disclosure [epel-6]↗2019-07-23
Bugzilla▶
CVE-2019-13509 docker: Docker Engine in debug mode may sometimes add secrets to the debug log leading to information disclosure↗2019-07-23
Bugzilla▶
CVE-2019-13509 docker: Docker Engine in debug mode may sometimes add secrets to the debug log leading to information disclosure [fedora-all]↗2019-07-23