Description
Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.
Remediation
References
https://github.com/akka/alpakka-kafka/issues/1592
https://akka.io/security/alpakka-kafka-cve-2023-29471.html