CVE-2019-13509

Debian Security Advisory 4521-1

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.

En Docker CE y EE antes de 18.09.8 (así como en Docker EE antes de 17.06.2-ee-23 y 18.x antes de 18.03.1-ee-10), Docker Engine en modo de depuración a veces puede agregar secretos al registro de depuración. . Esto se aplica a un escenario en el que la implementación de la pila de la ventana acoplable se ejecuta para volver a implementar una pila que incluye secretos (no externos). Potencialmente se aplica a otros usuarios de API de la API de pila si reenvían el secreto.

Three security vulnerabilities have been discovered in the Docker could result in execution of code with root privileges, sensitive data could be logged in debug mode and there was a command injection vulnerability in the "docker build" command.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-07-11 CVE Reserved
2019-07-18 CVE Published
2024-08-04 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-532: Insertion of Sensitive Information into Log File

CAPEC

References (8)

URL	Tag	Source
http://www.securityfocus.com/bid/109253	Third Party Advisory
https://seclists.org/bugtraq/2019/Sep/21	Mailing List
https://security.netapp.com/advisory/ntap-20190828-0003	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html	2023-11-07
https://docs.docker.com/engine/release-notes	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N674WD3OBDPHLWY6EABRHQH5ON6SUJBU	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFFBVE7O73TAVY2BCWXSA2OOSLJVCPXC	2023-11-07
https://www.debian.org/security/2019/dsa-4521	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				>= 18.09.0 < 18.09.8 Search vendor "Docker" for product "Docker" and version " >= 18.09.0 < 18.09.8"		enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.03.2 Search vendor "Docker" for product "Docker" and version "17.03.2"		1, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.03.2 Search vendor "Docker" for product "Docker" and version "17.03.2"		2, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.03.2 Search vendor "Docker" for product "Docker" and version "17.03.2"		3, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.03.2 Search vendor "Docker" for product "Docker" and version "17.03.2"		4, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.03.2 Search vendor "Docker" for product "Docker" and version "17.03.2"		5, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.03.2 Search vendor "Docker" for product "Docker" and version "17.03.2"		6, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.03.2 Search vendor "Docker" for product "Docker" and version "17.03.2"		7, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.03.2 Search vendor "Docker" for product "Docker" and version "17.03.2"		8, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.06.2 Search vendor "Docker" for product "Docker" and version "17.06.2"		1, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.06.2 Search vendor "Docker" for product "Docker" and version "17.06.2"		10, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.06.2 Search vendor "Docker" for product "Docker" and version "17.06.2"		11, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.06.2 Search vendor "Docker" for product "Docker" and version "17.06.2"		12, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.06.2 Search vendor "Docker" for product "Docker" and version "17.06.2"		13, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.06.2 Search vendor "Docker" for product "Docker" and version "17.06.2"		15, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.06.2 Search vendor "Docker" for product "Docker" and version "17.06.2"		16, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.06.2 Search vendor "Docker" for product "Docker" and version "17.06.2"		17, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.06.2 Search vendor "Docker" for product "Docker" and version "17.06.2"		18, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.06.2 Search vendor "Docker" for product "Docker" and version "17.06.2"		19, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.06.2 Search vendor "Docker" for product "Docker" and version "17.06.2"		2, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.06.2 Search vendor "Docker" for product "Docker" and version "17.06.2"		20, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.06.2 Search vendor "Docker" for product "Docker" and version "17.06.2"		21, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.06.2 Search vendor "Docker" for product "Docker" and version "17.06.2"		22, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.06.2 Search vendor "Docker" for product "Docker" and version "17.06.2"		3, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.06.2 Search vendor "Docker" for product "Docker" and version "17.06.2"		4, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.06.2 Search vendor "Docker" for product "Docker" and version "17.06.2"		5, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.06.2 Search vendor "Docker" for product "Docker" and version "17.06.2"		6, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.06.2 Search vendor "Docker" for product "Docker" and version "17.06.2"		7, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.06.2 Search vendor "Docker" for product "Docker" and version "17.06.2"		8, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				17.06.2 Search vendor "Docker" for product "Docker" and version "17.06.2"		9, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				18.03.1 Search vendor "Docker" for product "Docker" and version "18.03.1"		1, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				18.03.1 Search vendor "Docker" for product "Docker" and version "18.03.1"		2, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				18.03.1 Search vendor "Docker" for product "Docker" and version "18.03.1"		3, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				18.03.1 Search vendor "Docker" for product "Docker" and version "18.03.1"		4, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				18.03.1 Search vendor "Docker" for product "Docker" and version "18.03.1"		5, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				18.03.1 Search vendor "Docker" for product "Docker" and version "18.03.1"		6, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				18.03.1 Search vendor "Docker" for product "Docker" and version "18.03.1"		7, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				18.03.1 Search vendor "Docker" for product "Docker" and version "18.03.1"		8, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				18.03.1 Search vendor "Docker" for product "Docker" and version "18.03.1"		9, enterprise		Affected
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				< 18.09.8 Search vendor "Docker" for product "Docker" and version " < 18.09.8"		community		Affected