Description
Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.
Remediation
References
https://akka.io/security/alpakka-kafka-cve-2023-29471.html
https://github.com/akka/alpakka-kafka/issues/1592