Hasan Sheet

**Name of the Vulnerable Software and Affected Versions** Terraform Provider for Linode versions prior to 3.9.0 **Description** The Terraform Provider for Linode logged sensitive information, including passwords, StackScript content, and object storage data, in debug logs without redaction. This issue is present when debug/provider logs are explicitly enabled. An authenticated user with access to these logs could extract sensitive credentials. The provider versions 3.9.0 and later sanitize debug logs by redacting sensitive content and logging only non-sensitive metadata. **Recommendations** Disable Terraform/provider debug logging or set it to `WARN` level or above. Restrict access to existing and historical logs. Purge/retention-trim logs that may contain sensitive values. Rotate potentially exposed secrets/credentials.