PT-2018-11249 · OpenStack · Zuul

Published 2018-06-19 · Updated 2018-08-23 · CVE-2018-12557

CVSS v3.1 9.8 Critical
Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Zuul, versions prior to 3.1.0
Description: If a node goes offline while a build is running, Zuul ignores the no_log attribute of the Ansible task that was executing. When the resulting unreachable error occurs in a task that uses a loop variable (for example with_items or loop), the contents of the loop items are printed to the job console even though no_log was set, which can leak credentials or other secrets that the attribute was meant to suppress.
Recommendations: Update to Zuul 3.1.0 or later, which fixes the issue. Until the upgrade is done, avoid looping over items that carry sensitive values in tasks that rely on no_log (or restructure such tasks so the loop items hold only non-secret identifiers), and restrict access to job console output and stored logs so that a node dropping offline mid-task does not expose secrets to a wide audience.
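The interim recommendation above amounts to auditing job playbooks for the one pattern that this bug turns into a leak: a looped task that depends on no_log. The following scanner is an added example for this advisory, not code from Zuul or Ansible. It assumes the playbook has already been parsed into Python lists and dicts (as yaml.safe_load would produce), walks every task section including block/rescue/always nesting, and reports tasks that combine a loop key with no_log; it also gates on the affected version range named above. The sample playbook embedded at the bottom is constructed for the demonstration; tasks pulled in through roles or include_tasks live in other files and are not resolved.

```python
"""Flag Ansible tasks that mix a loop with no_log (the pattern exposed by CVE-2018-12557).

Added example for this advisory; not code from Zuul or Ansible. Assumes the
playbook is already parsed into Python lists/dicts (e.g. via yaml.safe_load).
"""
import re
from typing import Any, Dict, Iterator, List, Optional, Tuple

Task = Dict[str, Any]
BLOCK_KEYS = ("block", "rescue", "always")
TASK_SECTIONS = ("pre_tasks", "tasks", "post_tasks", "handlers")


def is_affected_version(version: str) -> bool:
    """True for Zuul releases before 3.1.0, the range named in the advisory."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in m.groups()) < (3, 1, 0)


def _truthy(value: Any) -> bool:
    """Mirror Ansible's loose boolean handling for no_log (True, 'yes', 'true', 1)."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in {"yes", "true", "on", "1"}


def loop_key(task: Task) -> Optional[str]:
    """Return the key that makes this task a loop ('loop' or any 'with_*'), if any."""
    for key in task:
        if key == "loop" or key.startswith("with_"):
            return key
    return None


def _walk(task: Task, path: str) -> Iterator[Tuple[str, Task]]:
    """Yield (path, task) for every leaf task, descending into block/rescue/always."""
    if any(k in task for k in BLOCK_KEYS):
        for key in BLOCK_KEYS:
            for i, sub in enumerate(task.get(key) or []):
                yield from _walk(sub, f"{path}.{key}[{i}]")
        return
    yield path, task


def iter_tasks(plays: List[Dict[str, Any]]) -> Iterator[Tuple[str, Task]]:
    """Walk every task section of every play in the parsed playbook."""
    for p, play in enumerate(plays):
        for section in TASK_SECTIONS:
            for i, task in enumerate(play.get(section) or []):
                yield from _walk(task, f"play[{p}].{section}[{i}]")


def find_risky_tasks(plays: List[Dict[str, Any]]) -> List[Tuple[str, str, str]]:
    """Return (path, task name, loop key) for tasks combining a loop with no_log.

    On an affected Zuul, a node becoming unreachable during such a task dumps
    the loop items to the console despite no_log, so these are the tasks whose
    items must not carry secrets until the upgrade to 3.1.0.
    """
    findings = []
    for path, task in iter_tasks(plays):
        key = loop_key(task)
        if key is not None and _truthy(task.get("no_log", False)):
            findings.append((path, task.get("name", "<unnamed>"), key))
    return findings


# Constructed sample playbook (already parsed); not taken from any real job.
SAMPLE_PLAYS = [
    {
        "hosts": "all",
        "tasks": [
            {
                "name": "Write registry credentials",
                "copy": {"dest": "/etc/docker/{{ item.name }}.json",
                         "content": "{{ item.token }}"},
                "loop": [{"name": "quay", "token": "EXAMPLE-TOKEN-1"},
                         {"name": "dockerhub", "token": "EXAMPLE-TOKEN-2"}],
                "no_log": True,
            },
            {
                "name": "Install build tools",
                "package": {"name": "{{ item }}", "state": "present"},
                "with_items": ["git", "curl"],
            },
            {
                "block": [
                    {
                        "name": "Push images",
                        "command": "docker push {{ item.image }}",
                        "loop": "{{ images_with_tokens }}",
                        "no_log": "yes",
                    }
                ],
                "rescue": [{"name": "Report failure", "debug": {"msg": "push failed"}}],
            },
            {
                "name": "Fetch one secret (no loop, not flagged)",
                "uri": {"url": "https://vault.example/v1/secret", "return_content": True},
                "no_log": True,
            },
        ],
    }
]


if __name__ == "__main__":
    print("affected version:", is_affected_version("3.0.3"))
    for path, name, key in find_risky_tasks(SAMPLE_PLAYS):
        print(f"{path}: task '{name}' uses {key} together with no_log")
```

Running the script reports the two tasks that loop over secret-bearing items under no_log (the credential write and the nested image push) and leaves the package loop and the single-secret task alone. The first finding is the one to fix first: its loop items literally contain the tokens, so a node dropping offline on an affected Zuul prints them; looping over registry names instead and referencing the token from a separate variable keeps the dumped items free of secrets.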

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2018-12557

Affected Products

Zuul