Version: latest

CVE-2019-13509

CVE Details

Visit the official vulnerability details page for CVE-2019-13509 to learn more.

Initial Publication

10/10/2025

Last Update

10/14/2025

Third Party Dependency

github.com/docker/docker

NIST CVE Summary

In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.

CVE Severity

7.5

Our Official Summary

This vulnerability is a false positive. Although this is reported by the scanning tools on some of the components, further checks indicate the symbol/function with the vulnerability while present is not being used.

Status

Ongoing

Affected Products & Versions

This CVE is non-impacting as the impacting symbol and/or function is not used in the product

Revision History

Date	Revision
10/14/2025	Status changed from Open to Ongoing

CVE Details​

Initial Publication​

Last Update​

Third Party Dependency​

NIST CVE Summary​

CVE Severity​

Our Official Summary​

Status​

Affected Products & Versions​

Revision History​