You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
See doc/triage.md for instructions on how to triage this report.
modules:
- module: github.com/docker/docker
versions:
- fixed: 18.09.8
packages:
- package: github.com/docker/docker
summary: Secret insertion into debug log in Docker
description: |-
In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23
and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add
secrets to the debug log. This applies to a scenario where docker stack deploy
is run to redeploy a stack that includes (non external) secrets. It potentially
applies to other API users of the stack API if they resend the secret.
cves:
- CVE-2019-13509
ghsas:
- GHSA-j249-ghv5-7mxv
references:
- web: https://nvd.nist.gov/vuln/detail/CVE-2019-13509
- web: https://docs.docker.com/engine/release-notes/18.09/
- advisory: https://github.com/advisories/GHSA-j249-ghv5-7mxv
The text was updated successfully, but these errors were encountered:
In GitHub Security Advisory GHSA-j249-ghv5-7mxv, there is a vulnerability in the following Go packages or modules:
Cross references:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: