| Summary: |
<app-emulation/docker-18.09.8: Docker Engine in debug mode may sometimes add secrets to the debug log leading to information disclosure (CVE-2019-13509) |
| Product: |
Gentoo Security
|
Reporter: |
Agostino Sarubbo <ago> |
| Component: |
Vulnerabilities | Assignee: |
Gentoo Security <security> |
| Status: |
RESOLVED
FIXED
|
|
|
| Severity: |
minor
|
CC: |
admwiggin, mrueg, williamh
|
| Priority: |
Normal
|
|
|
| Version: |
unspecified | |
|
| Hardware: |
All | |
|
| OS: |
Linux | |
|
| URL: |
https://bugzilla.redhat.com/show_bug.cgi?id=1732418
|
| Whiteboard: |
B4 [noglsa] |
|
Package list:
|
|
Runtime testing required:
|
---
|
|---|
From ${URL} : In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret. Upstream Issue: https://docs.docker.com/engine/release-notes/#180908 @maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.