Published: 18/07/2019 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 447

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

In Docker CE and EE prior to 18.09.8 (as well as Docker EE prior to 17.06.2-ee-23 and 18.x prior to 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.

Vulnerable Product	Search on Vulmon	Subscribe to Product
docker docker 17.03.2
docker docker 17.06.2
docker docker 18.03.1
docker docker

Debian Bug report logs - #932673 dockerio: CVE-2019-13509 Package: src:dockerio; Maintainer for src:dockerio is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 21 Jul 2019 19:36:02 UTC Severity: normal Tags: security, upstream Found in versions dockerio/1809 ...

Three security vulnerabilities have been discovered in the Docker container runtime: Insecure loading of NSS libraries in docker cp could result in execution of code with root privileges, sensitive data could be logged in debug mode and there was a command injection vulnerability in the docker build command For the stable distribution (buster), th ...

A command injection flaw was discovered in Docker during the `docker build` command By providing a specially crafted path argument for the container to build, it is possible to inject command options to the `git fetch`/`git checkout` commands that are executed by Docker and to execute code with the privileges of the user running Docker A local at ...

Docker Engine before 1809 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unixgo, pkg/parsers/parsersgo, and pkg/sysinfo/sysinfogo (CVE-2018-20699) A command injection flaw was discovered in Docker during the `docker build` comman ...

Impact: Moderate Public Date: 2019-07-23 CWE: CWE-117 Bugzilla: 1732418: CVE-2019-13509 docker: Docker ...

CWE-532 https://docs.docker.com/engine/release-notes/http://www.securityfocus.com/bid/109253 https://security.netapp.com/advisory/ntap-20190828-0003/http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html https://www.debian.org/security/2019/dsa-4521 https://seclists.org/bugtraq/2019/Sep/21 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFFBVE7O73TAVY2BCWXSA2OOSLJVCPXC/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N674WD3OBDPHLWY6EABRHQH5ON6SUJBU/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932673 https://nvd.nist.gov https://www.debian.org/security/2019/dsa-4521

CVE-2019-13509

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect