CVE-2022-25374

CVE-2022-25374

EPSS 0.9%

HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Fixed in v202202-1.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-06-terraform-enterprise-may-capture-sensitive-data-in-logs/