CVE-2024-47083
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-47083 is a vulnerability affecting the Power Platform Terraform Provider, which is used to manage environments and resources within Power Platform. In older versions of the provider, the `client_secret` used in service principal authentication is not properly masked in logs, leading to its exposure. The exposure is caused by an issue in the provider's logging code. To mitigate the risk, users are advised to upgrade to version 3.0.0, a patched version of the provider that no longer logs sensitive content. Additionally, users should immediately rotate the `client_secret` for any affected service principal, disable log persistence until updated, and remove or sanitize any existing logs containing the `client_secret`.
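One way to carry out the "remove or sanitize existing logs" step, as an added example that is not code from the provider or from this advisory. The log layouts it matches (`key=value`, `key: value`, JSON) and the sample lines are assumptions, since the page does not show the provider's log format; the function names are hypothetical.

```python
import re

# Matches client_secret followed by ':' or '=' and a quoted or bare value.
# These layouts are assumptions; the advisory does not show the real log format.
_SECRET = re.compile(
    r'''(?P<key>["']?client_secret["']?\s*[:=]\s*)'''
    r'''(?!["']?\[REDACTED\])'''  # skip values that were already redacted
    r'''(?P<val>"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|[^\s,;}\]]+)''',
    re.IGNORECASE,
)
REDACTED = "[REDACTED]"

def redact_line(line):
    """Return (sanitized_line, number_of_values_redacted)."""
    def _sub(m):
        val = m.group("val")
        quote = val[0] if val[0] in "\"'" else ""  # keep JSON/quoting intact
        return f"{m.group('key')}{quote}{REDACTED}{quote}"
    return _SECRET.subn(_sub, line)

def sanitize(lines):
    """Redact all lines; return (sanitized_lines, 1-based numbers of lines that held a secret)."""
    out, hits = [], []
    for n, line in enumerate(lines, 1):
        clean, count = redact_line(line)
        out.append(clean)
        if count:
            hits.append(n)
    return out, hits

# Constructed sample log lines (not real provider output; all values are made up).
SAMPLE = [
    '2024-09-20T10:00:00Z [DEBUG] provider: configuring client_id=1111 client_secret=abc~DEF.123',
    '2024-09-20T10:00:01Z [DEBUG] provider: {"tenant_id":"t-1","client_secret":"p@ss\\"word","use_cli":false}',
    '2024-09-20T10:00:02Z [INFO] provider: environment created',
    "2024-09-20T10:00:03Z [DEBUG] provider: client_secret: 'xyz 789'",
]

if __name__ == "__main__":
    cleaned, hits = sanitize(SAMPLE)
    print("\n".join(cleaned))
    print("lines that exposed a secret:", hits)
```

Any log file that produces a non-empty hit list held a live credential, so the corresponding service principal's `client_secret` still needs rotating; redaction only cleans up the stored copy.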