Description
Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.
Remediation
References
https://akka.io/security/alpakka-kafka-cve-2023-29471.html
https://github.com/akka/alpakka-kafka/issues/1592
Related Vulnerabilities
CVE-2014-0115 Vulnerability in maven package org.apache.storm:storm-core
CVE-2016-3084 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-server
CVE-2011-5063 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2019-16560 Vulnerability in maven package org.jenkins-ci.plugins:websphere-deployer
CVE-2009-4269 Vulnerability in maven package org.apache.derby:derby