{"id":"CVE-2019-13509","details":"In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.","aliases":["GHSA-j249-ghv5-7mxv"],"modified":"2026-05-28T04:04:53.834414591Z","published":"2019-07-18T16:15:11.953Z","related":["CGA-2fr5-vq6c-3p2f","SUSE-SU-2019:2117-1","SUSE-SU-2019:2119-1","SUSE-SU-2025:03540-1","SUSE-SU-2025:03545-1","openSUSE-SU-2019:2021-1","openSUSE-SU-2024:10722-1","openSUSE-SU-2025:15589-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_RANGE","extracted_events":[{"introduced":"18.09.0"},{"fixed":"18.09.8"},{"introduced":"18.09.0"},{"fixed":"18.09.8"},{"introduced":"18.09.0"},{"fixed":"18.09.8"},{"fixed":"18.09.8"},{"fixed":"18.09.8"},{"fixed":"18.09.8"}],"cpes":["cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*","cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*"],"vendor_product":"docker:docker"},{"source":"CPE_STRING","cpes":["cpe:2.3:a:docker:docker:17.03.2:1:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.03.2:2:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.03.2:3:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.03.2:4:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.03.2:5:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.03.2:6:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.03.2:7:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.03.2:8:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.06.2:10:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.06.2:11:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.06.2:12:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.06.2:13:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.06.2:15:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.06.2:16:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.06.2:17:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.06.2:18:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.06.2:19:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.06.2:1:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.06.2:20:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.06.2:21:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.06.2:22:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.06.2:2:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.06.2:3:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.06.2:4:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.06.2:5:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.06.2:6:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.06.2:7:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.06.2:8:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:17.06.2:9:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:18.03.1:1:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:18.03.1:2:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:18.03.1:3:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:18.03.1:4:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:18.03.1:5:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:18.03.1:6:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:18.03.1:7:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:18.03.1:8:*:*:enterprise:*:*:*","cpe:2.3:a:docker:docker:18.03.1:9:*:*:enterprise:*:*:*"],"extracted_events":[{"last_affected":"17.03.2-1"},{"last_affected":"17.03.2-1"},{"last_affected":"17.03.2-1"},{"last_affected":"17.03.2-2"},{"last_affected":"17.03.2-2"},{"last_affected":"17.03.2-2"},{"last_affected":"17.03.2-3"},{"last_affected":"17.03.2-3"},{"last_affected":"17.03.2-3"},{"last_affected":"17.03.2-4"},{"last_affected":"17.03.2-4"},{"last_affected":"17.03.2-4"},{"last_affected":"17.03.2-5"},{"last_affected":"17.03.2-5"},{"last_affected":"17.03.2-5"},{"last_affected":"17.03.2-6"},{"last_affected":"17.03.2-6"},{"last_affected":"17.03.2-6"},{"last_affected":"17.03.2-7"},{"last_affected":"17.03.2-7"},{"last_affected":"17.03.2-7"},{"last_affected":"17.03.2-8"},{"last_affected":"17.03.2-8"},{"last_affected":"17.03.2-8"},{"last_affected":"17.06.2-1"},{"last_affected":"17.06.2-1"},{"last_affected":"17.06.2-1"},{"last_affected":"17.06.2-10"},{"last_affected":"17.06.2-10"},{"last_affected":"17.06.2-10"},{"last_affected":"17.06.2-11"},{"last_affected":"17.06.2-11"},{"last_affected":"17.06.2-11"},{"last_affected":"17.06.2-12"},{"last_affected":"17.06.2-12"},{"last_affected":"17.06.2-12"},{"last_affected":"17.06.2-13"},{"last_affected":"17.06.2-13"},{"last_affected":"17.06.2-13"},{"last_affected":"17.06.2-15"},{"last_affected":"17.06.2-15"},{"last_affected":"17.06.2-15"},{"last_affected":"17.06.2-16"},{"last_affected":"17.06.2-16"},{"last_affected":"17.06.2-16"},{"last_affected":"17.06.2-17"},{"last_affected":"17.06.2-17"},{"last_affected":"17.06.2-17"},{"last_affected":"17.06.2-18"},{"last_affected":"17.06.2-18"},{"last_affected":"17.06.2-18"},{"last_affected":"17.06.2-19"},{"last_affected":"17.06.2-19"},{"last_affected":"17.06.2-19"},{"last_affected":"17.06.2-2"},{"last_affected":"17.06.2-2"},{"last_affected":"17.06.2-2"},{"last_affected":"17.06.2-20"},{"last_affected":"17.06.2-20"},{"last_affected":"17.06.2-20"},{"last_affected":"17.06.2-21"},{"last_affected":"17.06.2-21"},{"last_affected":"17.06.2-21"},{"last_affected":"17.06.2-22"},{"last_affected":"17.06.2-22"},{"last_affected":"17.06.2-22"},{"last_affected":"17.06.2-3"},{"last_affected":"17.06.2-3"},{"last_affected":"17.06.2-3"},{"last_affected":"17.06.2-4"},{"last_affected":"17.06.2-4"},{"last_affected":"17.06.2-4"},{"last_affected":"17.06.2-5"},{"last_affected":"17.06.2-5"},{"last_affected":"17.06.2-5"},{"last_affected":"17.06.2-6"},{"last_affected":"17.06.2-6"},{"last_affected":"17.06.2-6"},{"last_affected":"17.06.2-7"},{"last_affected":"17.06.2-7"},{"last_affected":"17.06.2-7"},{"last_affected":"17.06.2-8"},{"last_affected":"17.06.2-8"},{"last_affected":"17.06.2-8"},{"last_affected":"17.06.2-9"},{"last_affected":"17.06.2-9"},{"last_affected":"17.06.2-9"},{"last_affected":"18.03.1-1"},{"last_affected":"18.03.1-1"},{"last_affected":"18.03.1-1"},{"last_affected":"18.03.1-2"},{"last_affected":"18.03.1-2"},{"last_affected":"18.03.1-2"},{"last_affected":"18.03.1-3"},{"last_affected":"18.03.1-3"},{"last_affected":"18.03.1-3"},{"last_affected":"18.03.1-4"},{"last_affected":"18.03.1-4"},{"last_affected":"18.03.1-4"},{"last_affected":"18.03.1-5"},{"last_affected":"18.03.1-5"},{"last_affected":"18.03.1-5"},{"last_affected":"18.03.1-6"},{"last_affected":"18.03.1-6"},{"last_affected":"18.03.1-6"},{"last_affected":"18.03.1-7"},{"last_affected":"18.03.1-7"},{"last_affected":"18.03.1-7"},{"last_affected":"18.03.1-8"},{"last_affected":"18.03.1-8"},{"last_affected":"18.03.1-8"},{"last_affected":"18.03.1-9"},{"last_affected":"18.03.1-9"},{"last_affected":"18.03.1-9"}],"vendor_product":"docker:docker"},{"source":"DESCRIPTION","extracted_events":[{"fixed":"17.06.2-ee-23"},{"introduced":"18.x"},{"fixed":"18.03.1-ee-10"}]}]},"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N674WD3OBDPHLWY6EABRHQH5ON6SUJBU/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFFBVE7O73TAVY2BCWXSA2OOSLJVCPXC/"},{"type":"WEB","url":"https://seclists.org/bugtraq/2019/Sep/21"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/109253"},{"type":"ADVISORY","url":"https://docs.docker.com/engine/release-notes/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190828-0003/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4521"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/moby/moby","events":[{"introduced":"0"},{"fixed":"456712c5b8d9d92c047f6a7d7cff270527ecac28"}],"database_specific":{"source":"DESCRIPTION","extracted_events":[{"introduced":"0"},{"fixed":"18.09.8"}]}}],"versions":["v18.09.7-rc1","v18.09.7","v18.09.6-rc1","v18.09.6","v18.09.5-rc1","v18.09.5","v18.09.4","v18.09.4-rc1","v18.09.3-rc1","v18.09.3","v18.09.2","v18.09.1","v18.09.1-rc1","v18.09.1-beta2","v18.09.1-beta1","v18.09.0","v18.09.0-rc1","v18.09.0-beta5","v18.09.0-beta3","v18.09.0-ce-tp6","v18.09.0-ce-beta1","v18.09.0-ce-tp5","v18.09.0-ce-tp4","v18.09.0-ce-tp3","v18.09.0-ce-tp0","v18.06.0-ce-rc1","docs-v1.12.0-rc4-2016-07-15","v0.7.2","v0.7.1","v0.7.0","v0.6.5","v0.5.0","v0.4.7","v0.4.5","v0.4.4","v0.4.2","v0.4.1","v0.3.2","v0.3.1","v0.3.0","v0.2.2","v0.2.1","v0.2.0","v0.1.8","v0.1.7","v0.1.6","v0.1.5","v0.1.4","v0.1.3","v0.1.2","v0.1.1","v0.1.0","upstream/0.1.3","0.0.3","upstream/0.1.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-13509.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}