Main Vulnerability Database Vulnerabilities #VU19390

Inclusion of Sensitive Information in Log Files in Docker Engine - CVE-2019-13509

Published: July 26, 2019

Vulnerability identifier: #VU19390

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-13509

CWE-ID: CWE-532

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Docker Inc.

Affected software:
Docker Engine

Detailed vulnerability description

The vulnerability allows a local attacker to access sensitive information on a targeted system.

The vulnerability exists due to the software can add secrets to the debug log when the "docker stack deploy" command is used while running in debug mode to redeploy a stack which includes non-external secrets. A local authenticated attacker can gain access to sensitive information, such as secrets in the log files on a targeted system.

How to mitigate CVE-2019-13509

Install updates from vendor's website.

Inclusion of Sensitive Information in Log Files in Docker Engine - CVE-2019-13509

Detailed vulnerability description

How to mitigate CVE-2019-13509

Sources

Please verify you're human