QID 994858

Date Published: 2023-08-17

QID 994858: GO (Go) Security Update for github.com/docker/docker (GHSA-j249-ghv5-7mxv)

In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.

Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.

CVSS V3 rated as High - 7.5 severity.

CVSS V2 rated as Medium - 5 severity.

Solution

Refer to Github security advisory GHSA-j249-ghv5-7mxv for updates and patch information.

Vendor References

GHSA-j249-ghv5-7mxv - github.com/advisories/GHSA-j249-ghv5-7mxv

CVEs related to QID 994858

CVE-2019-13509 |

Software Advisories

Advisory ID	Software	Component	Link
GHSA-j249-ghv5-7mxv	github.com/docker/docker		github.com/advisories/GHSA-j249-ghv5-7mxv

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].