PT-2019-3465
Published: 2019-07-18 · Updated: 2026-05-18
CVE-2019-13509
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Docker CE versions prior to 18.09.8
Docker EE versions prior to 17.06.2-ee-23
Docker EE versions prior to 18.03.1-ee-10
Docker EE 18.x versions prior to 18.03.1-ee-10
Description
Secrets can be disclosed through log files when Docker Engine is run in debug mode. This can occur when docker stack deploy is used to redeploy a stack that includes non-external secrets. The problem may also apply to other API users of the stack API if they resend the secret. The vulnerability could allow a remote attacker to gain unauthorized access to information.
Recommendations
For Docker CE versions prior to 18.09.8, update to version 18.09.8 or later.
For Docker EE versions prior to 17.06.2-ee-23, update to version 17.06.2-ee-23 or later.
For Docker EE versions prior to 18.03.1-ee-10, update to version 18.03.1-ee-10 or later.
For Docker EE 18.x versions prior to 18.03.1-ee-10, update to version 18.03.1-ee-10 or later.
As a temporary workaround, consider disabling debug mode for Docker Engine to minimize the risk of secret disclosure.
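To verify the workaround on a host, the check below reports every place where debug logging is switched on. It is an added example, not code from Docker or from this advisory; it assumes the engine settings come from daemon.json (the "debug" key) and the dockerd command line (-D / --debug), and, as a further assumption, treats log-level "debug" the same way.

```python
import json
import shlex

# Lowercase spellings Go's boolean flag parser accepts as true.
TRUE_VALUES = {"1", "t", "true"}


def debug_sources(daemon_json_text, dockerd_cmdline):
    """Return every place that switches the engine to debug logging."""
    findings = []
    cfg = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    if cfg.get("debug") is True:
        findings.append('daemon.json: "debug": true')
    # Assumption: log-level "debug" is treated like debug mode here.
    if str(cfg.get("log-level", "")).lower() == "debug":
        findings.append('daemon.json: "log-level": "debug"')

    args = shlex.split(dockerd_cmdline)
    for i, arg in enumerate(args):
        name, sep, value = arg.partition("=")
        if name in ("-D", "--debug"):
            # Bare flag means true; --debug=false switches it off.
            if not sep or value.lower() in TRUE_VALUES:
                findings.append(f"command line: {arg}")
        elif name in ("-l", "--log-level"):
            level = value if sep else (args[i + 1] if i + 1 < len(args) else "")
            if level.lower() == "debug":
                findings.append("command line: log-level debug")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    sample_config = '{"debug": true, "log-driver": "json-file"}'
    sample_cmdline = "/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock"
    for finding in debug_sources(sample_config, sample_cmdline):
        print("debug logging enabled via", finding)
```

An empty result means neither source enables debug logging; feed it the contents of the host's daemon.json and the running dockerd command line.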
Fix
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
Docker
Docker CE
Docker EE
Docker Engine
SUSE