Description
Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.
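A way to audit existing log files for the exposure described above, added here as an example and not code from the Alpakka Kafka project. The log line layout is constructed, since this page does not show the actual debug output; the only assumption about real systems is that PLAIN credentials sit in the standard Kafka client setting `sasl.jaas.config`.

```python
import re

# password="..." inside a JAAS login-module string. The optional backslash
# tolerates escaped quotes, which appear when the value is rendered inside
# a quoted configuration string.
_JAAS_PASSWORD = re.compile(r'(password\s*=\s*\\?")([^"\\]*)(\\?")', re.IGNORECASE)


def scan(lines):
    """Return (line_number, redacted_line) for each line exposing a JAAS password."""
    findings = []
    for number, line in enumerate(lines, start=1):
        if "sasl.jaas.config" not in line:
            continue
        redacted, hits = _JAAS_PASSWORD.subn(r"\1<redacted>\3", line)
        if hits:
            findings.append((number, redacted))
    return findings


# Constructed sample log lines (timestamps, layout and values are invented).
SAMPLE_LOG = [
    "2023-04-01 10:00:00 INFO  app.Main - consumer started",
    '2023-04-01 10:00:01 DEBUG akka.kafka.internal.KafkaConsumerActor - settings: '
    '{"sasl.jaas.config" : "org.apache.kafka.common.security.plain.PlainLoginModule '
    'required username=\\"svc\\" password=\\"example-secret\\";", "sasl.mechanism" : "PLAIN"}',
    '2023-04-01 10:00:02 DEBUG akka.kafka.internal.KafkaConsumerActor - settings: '
    '{"sasl.mechanism" : "GSSAPI", "sasl.jaas.config" : '
    '"com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true;"}',
]

if __name__ == "__main__":
    for number, redacted in scan(SAMPLE_LOG):
        # Print only the redacted form so the audit does not leak the secret again.
        print(f"line {number}: {redacted}")
```

Any credential found this way should be treated as exposed to everyone with access to the log files and rotated.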
Remediation
References
https://github.com/akka/alpakka-kafka/issues/1592
https://akka.io/security/alpakka-kafka-cve-2023-29471.html