Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.
References
Link | Resource |
---|---|
https://akka.io/security/alpakka-kafka-cve-2023-29471.html | Vendor Advisory |
https://github.com/akka/alpakka-kafka/issues/1592 | Issue Tracking |
https://akka.io/security/alpakka-kafka-cve-2023-29471.html | Vendor Advisory |
https://github.com/akka/alpakka-kafka/issues/1592 | Issue Tracking |
Configurations
History
21 Nov 2024, 07:57
Type | Values Removed | Values Added |
---|---|---|
References | () https://akka.io/security/alpakka-kafka-cve-2023-29471.html - Vendor Advisory | |
References | () https://github.com/akka/alpakka-kafka/issues/1592 - Issue Tracking |
Information
Published : 2023-04-27 21:15
Updated : 2024-11-21 07:57
NVD link : CVE-2023-29471
Mitre link : CVE-2023-29471
CVE.ORG link : CVE-2023-29471
JSON object : View
Products Affected
lightbend
- alpakka_kafka
CWE
CWE-312
Cleartext Storage of Sensitive Information