{"id":"CVE-2019-13509","details":"In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.","aliases":["GHSA-j249-ghv5-7mxv"],"modified":"2026-04-10T04:14:43.175318Z","published":"2019-07-18T16:15:11.953Z","related":["CGA-2fr5-vq6c-3p2f","SUSE-SU-2019:2117-1","SUSE-SU-2019:2119-1","SUSE-SU-2025:03540-1","SUSE-SU-2025:03545-1","openSUSE-SU-2019:2021-1","openSUSE-SU-2024:10722-1","openSUSE-SU-2025:15589-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N674WD3OBDPHLWY6EABRHQH5ON6SUJBU/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFFBVE7O73TAVY2BCWXSA2OOSLJVCPXC/"},{"type":"WEB","url":"https://seclists.org/bugtraq/2019/Sep/21"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"},{"type":"ADVISORY","url":"https://docs.docker.com/engine/release-notes/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190828-0003/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4521"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/109253"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/docker/docker","events":[{"introduced":"f5749085e9cb0565afe342e73a67631f97547054"},{"fixed":"456712c5b8d9d92c047f6a7d7cff270527ecac28"},{"introduced":"0"},{"fixed":"456712c5b8d9d92c047f6a7d7cff270527ecac28"}],"database_specific":{"versions":[{"introduced":"18.09.0"},{"fixed":"18.09.8"},{"introduced":"0"},{"fixed":"18.09.8"}]}}],"versions":["v18.09.0","v18.09.1","v18.09.1-beta1","v18.09.1-beta2","v18.09.1-rc1","v18.09.2","v18.09.3","v18.09.3-rc1","v18.09.4","v18.09.4-rc1","v18.09.5","v18.09.5-rc1","v18.09.6","v18.09.6-rc1","v18.09.7","v18.09.7-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13509.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"17.03.2-1"}]},{"events":[{"introduced":"0"},{"last_affected":"17.03.2-2"}]},{"events":[{"introduced":"0"},{"last_affected":"17.03.2-3"}]},{"events":[{"introduced":"0"},{"last_affected":"17.03.2-4"}]},{"events":[{"introduced":"0"},{"last_affected":"17.03.2-5"}]},{"events":[{"introduced":"0"},{"last_affected":"17.03.2-6"}]},{"events":[{"introduced":"0"},{"last_affected":"17.03.2-7"}]},{"events":[{"introduced":"0"},{"last_affected":"17.03.2-8"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-1"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-10"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-11"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-12"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-13"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-15"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-16"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-17"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-18"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-19"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-2"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-20"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-21"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-22"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-3"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-4"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-5"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-6"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-7"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-8"}]},{"events":[{"introduced":"0"},{"last_affected":"17.06.2-9"}]},{"events":[{"introduced":"0"},{"last_affected":"18.03.1-1"}]},{"events":[{"introduced":"0"},{"last_affected":"18.03.1-2"}]},{"events":[{"introduced":"0"},{"last_affected":"18.03.1-3"}]},{"events":[{"introduced":"0"},{"last_affected":"18.03.1-4"}]},{"events":[{"introduced":"0"},{"last_affected":"18.03.1-5"}]},{"events":[{"introduced":"0"},{"last_affected":"18.03.1-6"}]},{"events":[{"introduced":"0"},{"last_affected":"18.03.1-7"}]},{"events":[{"introduced":"0"},{"last_affected":"18.03.1-8"}]},{"events":[{"introduced":"0"},{"last_affected":"18.03.1-9"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}