{"id":"CVE-2018-12557","details":"An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could lead to accidentally leaking credentials or secrets.","modified":"2026-03-14T09:27:32.705011Z","published":"2018-06-19T05:29:00.230Z","references":[{"type":"WEB","url":"https://storyboard.openstack.org/#%21/story/2002177"},{"type":"ADVISORY","url":"http://lists.zuul-ci.org/pipermail/zuul-announce/2018-June/000015.html"},{"type":"FIX","url":"https://git.zuul-ci.org/cgit/zuul/commit/?id=ffe7278c08e6e36bf8b18f732c764e00ff51551e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://opendev.org/zuul/zuul/","events":[{"introduced":"8f77b30923b005c178ff5e4208c3171d038e8b0c"},{"fixed":"057d664ecc2ce151789e2488250b5e1da36d48a3"}],"database_specific":{"versions":[{"introduced":"3.0.0"},{"fixed":"3.1.0"}]}}],"versions":["3.0.0","3.0.1","3.0.2","3.0.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12557.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}