CVE-2022-25374

Name of the Vulnerable Software and Affected Versions HashiCorp Terraform Enterprise versions v202112-1 through v202201-2

Description The issue concerns the logging of inbound HTTP requests in a manner that may capture sensitive data. This could potentially lead to the exposure of sensitive information. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For HashiCorp Terraform Enterprise versions v202112-1 through v202201-2, update to version v202202-1 or later to resolve the issue. As a temporary workaround, consider restricting access to log files to minimize the risk of sensitive data exposure until a patch is applied.