Description
Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.
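A log check for this exposure, as an added example (not Alpakka Kafka code): it flags and redacts `password="..."` values in log lines and records whether each hit came from the logger named above. The JAAS `PlainLoginModule` value shape and the sample log lines are assumptions, constructed for illustration.

```python
import re

ACTOR = "akka.kafka.internal.KafkaConsumerActor"  # logger named in the advisory

# Assumption: credentials appear as a JAAS entry such as
#   ...PlainLoginModule required username="u" password="p";
# Quotes may be backslash-escaped when the config is printed as a string.
SECRET = re.compile(
    r'(?P<key>\bpassword\s*=\s*)(?P<q>\\?["\'])(?P<val>.*?)(?P=q)',
    re.IGNORECASE,
)
USER = re.compile(r'\busername\s*=\s*\\?["\'](.*?)\\?["\']', re.IGNORECASE)

# Constructed sample lines (illustrative format, not copied from real logs).
SAMPLE_LOG = [
    "2023-04-06 10:15:01 INFO  app.Main - starting consumer group orders",
    "2023-04-06 10:15:02 DEBUG " + ACTOR + " - settings: sasl.mechanism=PLAIN, "
    "sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule "
    'required username="svc-orders" password="EXAMPLE-not-a-real-secret";',
    "2023-04-06 10:15:03 DEBUG " + ACTOR + " - polling",
]


def scan(lines):
    """Return (findings, redacted_lines); findings never contain the secret."""
    findings, redacted = [], []
    for lineno, line in enumerate(lines, start=1):
        # Replace only the quoted value, keeping the key and quote style.
        clean, hits = SECRET.subn(
            lambda m: f"{m['key']}{m['q']}[REDACTED]{m['q']}", line
        )
        redacted.append(clean)
        if hits:
            user = USER.search(line)
            findings.append({
                "line": lineno,
                "from_consumer_actor": ACTOR in line,
                "username": user.group(1) if user else None,
                "secrets": hits,
            })
    return findings, redacted


if __name__ == "__main__":
    found, cleaned = scan(SAMPLE_LOG)
    for item in found:
        print(item)
    print("\n".join(cleaned))
```

Any account the scan reports should be treated as having an exposed password and rotated.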
Remediation
References
https://github.com/akka/alpakka-kafka/issues/1592
https://akka.io/security/alpakka-kafka-cve-2023-29471.html