Unknown · Power Platform Terraform Provider · CVE-2024-47083
**Name of the Vulnerable Software and Affected Versions**
Power Platform Terraform Provider versions prior to 3.0.0
**Description**
The Power Platform Terraform Provider may expose sensitive information in its logs: because of an error in the logging code, the `client secret` used in service principal authentication is not properly masked. The exposure occurs when those logs are persisted or viewed. Users should upgrade to version 3.0.0 to receive a patched version of the provider that removes all logging of sensitive content. To mitigate the risk, users who have used this provider with the affected versions should immediately rotate the `client secret` for any service principal that has been configured using this Terraform provider.
**Recommendations**
Upgrade to version 3.0.0 to receive a patched version of the provider.
Immediately rotate the `client secret` for any service principal that has been configured using this Terraform provider.
Consider unsetting the `TF_LOG_PATH` environment variable, or otherwise disabling Terraform log persistence to a file or an external system, until the provider is updated to a fixed version.
Remove or sanitize existing logs that may contain the `client secret` to prevent unauthorized access.
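One way to carry out the log clean-up in the last recommendation, as an added example that is not code from the advisory or from the provider project. It assumes the secret has already been rotated, that the old value is supplied through a hypothetical `OLD_CLIENT_SECRET` environment variable, and (since the advisory does not describe the log format) that the secret may appear either literally or percent-encoded.

```python
"""Find and redact a rotated-out client secret in persisted Terraform logs."""
import os
import sys
from pathlib import Path
from urllib.parse import quote, quote_plus

PLACEHOLDER = b"[REDACTED-CLIENT-SECRET]"


def secret_variants(secret: str) -> list[bytes]:
    """Literal value plus its percent-encoded forms, longest first."""
    forms = {secret, quote(secret, safe=""), quote_plus(secret)}
    return sorted((f.encode() for f in forms), key=len, reverse=True)


def redact_logs(log_dir: str, secret: str, dry_run: bool = False) -> dict[str, int]:
    """Return {path: occurrences} for each file under log_dir holding the secret.

    Matching is on raw bytes, so no log format is assumed. Files are
    rewritten in place unless dry_run is set.
    """
    if len(secret) < 8:
        raise ValueError("refusing to redact a very short value")
    variants = secret_variants(secret)
    hits: dict[str, int] = {}
    for path in sorted(Path(log_dir).rglob("*")):
        if not path.is_file():
            continue
        data = path.read_bytes()
        count = 0
        for variant in variants:
            count += data.count(variant)
            data = data.replace(variant, PLACEHOLDER)
        if count:
            hits[str(path)] = count
            if not dry_run:
                path.write_bytes(data)
    return hits


if __name__ == "__main__":
    # OLD_CLIENT_SECRET is a hypothetical name; set it to the rotated-out value
    # so the secret never appears on the command line or in shell history.
    found = redact_logs(sys.argv[1], os.environ["OLD_CLIENT_SECRET"],
                        dry_run="--dry-run" in sys.argv)
    for name, n in found.items():
        print(f"{n:4d}  {name}")
    sys.exit(1 if found else 0)  # non-zero exit marks that exposure was found
```

Run it with `--dry-run` first to see which files contain the secret; copies already shipped to an external log system have to be handled there.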