PT-2024-40110 · Amazon · Sagemaker Training Toolkit

Published: 2024-09-11 · Updated: 2024-09-11

CVSS v4.0: 5.6 (Medium)

Vector: AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: SageMaker Training Toolkit versions 4.7.0 through 4.7.4
Description: When the CodeArtifact capability is enabled, the SageMaker Training Toolkit writes CodeArtifact authorization tokens to its log files. These tokens expire after 12 hours. If the log files are pushed to CloudWatch Log streams, anyone with access to those logs within the AWS account can read the authorization token, and a token that has not yet expired can be used to publish or consume CodeArtifact package versions.
Recommendations: For SageMaker Training Toolkit versions 4.7.0 through 4.7.4, upgrade to version 4.8.0 or higher to resolve the issue. As a temporary workaround, consider restricting access to CloudWatch logs to minimize the risk of token exposure. Avoid pushing log files containing authorization tokens to CloudWatch Log streams until the issue is resolved.
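The workaround above relies on keeping token-bearing lines out of CloudWatch. The following is an added example, not code from the advisory or from the toolkit: a filter that scans training log lines for CodeArtifact authorization tokens and redacts them before the lines are forwarded. The advisory does not show the toolkit's actual log lines, so two shapes are assumed here: the token carried as basic-auth userinfo in a CodeArtifact repository URL (the form pip, npm and twine index URLs use) and the token assigned to the CODEARTIFACT_AUTH_TOKEN environment variable. The sample log and the token values are constructed.

```python
import re
from typing import Dict, List, Tuple

# Assumed shape 1: https://aws:<token>@<domain>-<owner>.d.codeartifact.<region>.amazonaws.com/...
URL_TOKEN = re.compile(
    r"(https?://aws:)([^@\s/]+)(@[a-z0-9-]+\.d\.codeartifact\.[a-z0-9-]+\.amazonaws\.com)"
)
# Assumed shape 2: CODEARTIFACT_AUTH_TOKEN=<token> (or "CODEARTIFACT_AUTH_TOKEN: <token>")
ENV_TOKEN = re.compile(r"(CODEARTIFACT_AUTH_TOKEN\s*[=:]\s*)(\S+)")
REDACTED = "[REDACTED]"

# Constructed sample log; the token strings are made up and not real credentials.
SAMPLE_LOG = """\
2024-09-11 10:00:01 INFO Installing requirements from requirements.txt
2024-09-11 10:00:02 INFO pip install --index-url https://aws:eyJ2ZXIiOjEsImlzdSI6MTcyNjA0MDAwMH0.CONSTRUCTED@my-domain-111122223333.d.codeartifact.us-east-1.amazonaws.com/pypi/my-repo/simple/ -r requirements.txt
2024-09-11 10:00:02 DEBUG env CODEARTIFACT_AUTH_TOKEN=eyJ2ZXIiOjEsImlzdSI6MTcyNjA0MDAwMH0.CONSTRUCTED
2024-09-11 10:00:05 INFO Training started
"""


def redact_line(line: str) -> Tuple[str, List[str]]:
    """Return the line with any token replaced by REDACTED, plus the kinds of token found."""
    kinds: List[str] = []

    def _url(m: "re.Match[str]") -> str:
        kinds.append("url")
        return m.group(1) + REDACTED + m.group(3)

    def _env(m: "re.Match[str]") -> str:
        kinds.append("env")
        return m.group(1) + REDACTED

    line = URL_TOKEN.sub(_url, line)
    line = ENV_TOKEN.sub(_env, line)
    return line, kinds


def scan_log(text: str) -> Dict[str, object]:
    """Redact every line of a log and report (1-based line number, kind) for each token found.

    The redacted text is what should be shipped to CloudWatch; the findings list is what
    a detection rule would alert on, since any hit means a token reached a log file.
    """
    out_lines: List[str] = []
    findings: List[Tuple[int, str]] = []
    for no, line in enumerate(text.splitlines(), start=1):
        clean, kinds = redact_line(line)
        out_lines.append(clean)
        findings.extend((no, kind) for kind in kinds)
    return {"redacted": "\n".join(out_lines), "findings": findings}


if __name__ == "__main__":
    result = scan_log(SAMPLE_LOG)
    for no, kind in result["findings"]:
        print(f"token exposure at line {no} ({kind})")
    print(result["redacted"])
```

Run over the constructed sample, the filter flags lines 2 and 3 and emits a copy of the log with both token occurrences replaced; the same filter can be attached as a log handler in front of the CloudWatch agent, and a non-empty findings list is the signal that the token should be treated as exposed for the rest of its 12-hour lifetime.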

Fix

Weakness Enumeration: Insertion into Log File

Related Identifiers: GHSA-635V-PC42-FR74

Affected Products: Cloudwatch, Codeartifact, Sagemaker Training Toolkit