Inclusion of Sensitive Information in Log Files in docker (Alpine package)
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-13509 |
| CWE-ID | CWE-532 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
docker (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Inclusion of Sensitive Information in Log Files
EUVDB-ID: #VU19390
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2019-13509
CWE-ID:
CWE-532 - Information Exposure Through Log Files
Exploit availability: No
DescriptionInstall update from vendor's website.
Vulnerable software versionsdocker (Alpine package): 18.09.7-r0 - 18.09.7-r1
CPE2.3 External links
http://git.alpinelinux.org/aports/commit/?id=24924763d56dd80da5430746a238868ab6cc20d5
http://git.alpinelinux.org/aports/commit/?id=873f13520c5a2c28b7a91904d7da0656c0a2cf2d
http://git.alpinelinux.org/aports/commit/?id=a885fe876c9b7f33ca7f3d7daf212f7bae868840
http://git.alpinelinux.org/aports/commit/?id=c0c44e97533d0c402b3529f7149502e1bf6fc13c
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
