cvedb.io
CVE-2018-12557
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-06-19T05:29:00.230 · Last modified 2026-06-17T01:37:58.150

Summary

An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could lead to accidentally leaking credentials or secrets.

Affected products

zuul-ci — zuul

Does this affect you?

Add your gear to cvedb and we'll alert you only when zuul-ci ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.