Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.
References
Link | Resource |
---|---|
https://akka.io/security/alpakka-kafka-cve-2023-29471.html | Vendor Advisory |
https://github.com/akka/alpakka-kafka/issues/1592 | Issue Tracking |
Configurations
History
No history.
Information
Published : 2023-04-27 21:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-29471
Mitre link : CVE-2023-29471
CVE.ORG link : CVE-2023-29471
JSON object : View
Products Affected
lightbend
- alpakka_kafka
CWE
CWE-312
Cleartext Storage of Sensitive Information