Description
Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.
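One way to check existing log files for this exposure, as an added example that is not part of the original advisory or the project's code: it flags and redacts `password` options inside `sasl.jaas.config` values. The log line layout and sample values are constructed assumptions; only the logger name comes from the description above.

```python
import re

# JAAS login-module option inside a Kafka client property such as
# sasl.jaas.config: password="value" or password=value, ended by whitespace or ';'.
_SECRET_OPT = re.compile(
    r'(?P<key>\bpassword)\s*=\s*(?P<val>"(?:[^"\\]|\\.)*"|[^\s;"]+)',
    re.IGNORECASE,
)
_MARKER = "sasl.jaas.config"


def scan_line(line):
    """Return (has_secret, redacted_line) for a single log line."""
    idx = line.find(_MARKER)
    if idx < 0:
        return False, line
    # Only rewrite text after the property name, so unrelated fields stay intact.
    head, tail = line[:idx], line[idx:]
    redacted, n = _SECRET_OPT.subn(
        lambda m: m.group("key") + '="[REDACTED]"', tail
    )
    return n > 0, head + redacted


def scan_log(lines):
    """Return (1-based numbers of lines holding a cleartext password, redacted lines)."""
    hits, out = [], []
    for no, line in enumerate(lines, 1):
        found, red = scan_line(line)
        if found:
            hits.append(no)
        out.append(red)
    return hits, out


# Constructed sample log lines (layout is an assumption, not captured output).
SAMPLE = [
    "12:00:01.101 DEBUG akka.kafka.internal.KafkaConsumerActor - settings: "
    "security.protocol=SASL_SSL, sasl.mechanism=PLAIN, "
    "sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule "
    'required username="svc-orders" password="EXAMPLE-ONLY";',
    "12:00:01.350 INFO  org.apache.kafka.clients.consumer.ConsumerConfig - "
    "sasl.jaas.config = [hidden]",
    "12:00:02.007 DEBUG akka.kafka.internal.KafkaConsumerActor - Received Poll",
]

if __name__ == "__main__":
    hits, redacted = scan_log(SAMPLE)
    print("lines with cleartext JAAS password:", hits)
    print("\n".join(redacted))
```

Any credential the scan finds in a retained log should be treated as exposed and rotated, since redacting the file does not undo earlier reads of it.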
Remediation
References
https://akka.io/security/alpakka-kafka-cve-2023-29471.html
https://github.com/akka/alpakka-kafka/issues/1592