First published: Fri Feb 25 2022(Updated: )
HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Fixed in v202202-1.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
HashiCorp Terraform Enterprise | <202202-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-25374 is a vulnerability in HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 that allows sensitive data to be captured in log files.
CVE-2022-25374 has a severity level of high, with a CVSS score of 7.5.
CVE-2022-25374 can potentially expose sensitive data captured in log files, leading to unauthorized access or disclosure of sensitive information.
CVE-2022-25374 has been fixed in version v202202-1 of HashiCorp Terraform Enterprise. It is recommended to update to this version to prevent the vulnerability.
You can find more information about CVE-2022-25374 on the HashiCorp discussion forum at the following URL: https://discuss.hashicorp.com/t/hcsec-2022-06-terraform-enterprise-may-capture-sensitive-data-in-logs/