Skip to content

x/vulndb: potential Go vuln in github.com/docker/docker: GHSA-j249-ghv5-7mxv #2013

New issue
New issue
Closed
Closed
x/vulndb: potential Go vuln in github.com/docker/docker: GHSA-j249-ghv5-7mxv#2013
Assignees
maceonthompson
Labels
excluded: NOT_IMPORTABLEThis vulnerability only exists in a binary and is not importable.
@GoVulnBot

Description

@GoVulnBot
GoVulnBot
opened on Aug 15, 2023

In GitHub Security Advisory GHSA-j249-ghv5-7mxv, there is a vulnerability in the following Go packages or modules:

Unit Fixed Vulnerable Ranges
github.com/docker/docker 18.09.8 < 18.09.8

Cross references:

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/docker/docker
      versions:
        - fixed: 18.09.8
      packages:
        - package: github.com/docker/docker
summary: Secret insertion into debug log in Docker
description: |-
    In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23
    and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add
    secrets to the debug log. This applies to a scenario where docker stack deploy
    is run to redeploy a stack that includes (non external) secrets. It potentially
    applies to other API users of the stack API if they resend the secret.
cves:
    - CVE-2019-13509
ghsas:
    - GHSA-j249-ghv5-7mxv
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2019-13509
    - web: https://docs.docker.com/engine/release-notes/18.09/
    - advisory: https://github.com/advisories/GHSA-j249-ghv5-7mxv

Metadata

Metadata

Assignees

Labels

excluded: NOT_IMPORTABLEThis vulnerability only exists in a binary and is not importable.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions