The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Improper Masking of Secrets in Logs vulnerabilities in an interactive lesson.
Start learningUpgrade github.com/microsoft/terraform-provider-power-platform/internal/powerplatform/api
to version 3.0.0 or higher.
Affected versions of this package are vulnerable to Improper Masking of Secrets in Logs due to an error in the logging code that fails to properly mask the client_secret
when logs are persisted or viewed. An attacker can gain access to sensitive information by exploiting this vulnerability to view unmasked secrets in the logs.
This vulnerability can be mitigated by immediately rotating the client_secret
for any service principal that has been configured using this Terraform provider.
Consider disabling the TF_LOG_PATH
environment variable or configuring Terraform to not persist logs to a file or an external system until the provider is updated.
Existing logs that may contain the client_secret
should be removed or sanitized to prevent unauthorized access.