CVE-2019-13509

ADVISORY - github

Summary

In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.

EPSS Score⁠: 0.02212 (0.840)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-532⁠

Insertion of Sensitive Information into Log File

ADVISORY - github

CWE-532⁠

Insertion of Sensitive Information into Log File

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-532⁠

Insertion of Sensitive Information into Log File

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-117⁠

Improper Output Neutralization for Logs

Impacted images

Advisories

NIST

CREATED

7 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2019-13509⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-532⁠

CVSS SCORE

7.5high

GitHub

CREATED

4 years ago

UPDATED

2 years ago

ADVISORY IDGHSA-j249-ghv5-7mxv⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-532⁠

CVSS SCORE

7.5high

Alpine

CREATED

7 years ago

UPDATED

6 hours ago

ADVISORY IDCVE-2019-13509⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

7 years ago

UPDATED

18 days ago

ADVISORY IDCVE-2019-13509⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

7 years ago

UPDATED

10 months ago

ADVISORY IDCVE-2019-13509⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5low

GitLab

CREATED

4 years ago

UPDATED

2 years ago

ADVISORY ID

CVE-2019-13509

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-532⁠CWE-937⁠

CVSS SCORE

7.5high

Amazon

CREATED

6 years ago

UPDATED

6 years ago

ADVISORY IDALAS-2019-1316⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

6 years ago

UPDATED

12 days ago

ADVISORY IDCVE-2019-13509⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-117⁠

CVSS SCORE

6.5medium

Oracle

CREATED

6 years ago

UPDATED

6 years ago

ADVISORY IDELSA-2019-4813⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Chainguard

CREATED

22 hours ago

UPDATED

22 hours ago

ADVISORY ID

CGA-2fr5-vq6c-3p2f

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-j48m-6766-vf95

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-vpvg-5mcq-5hm2

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY