CVE-2023-29471

Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.
Configurations

Configuration 1 (hide)

cpe:2.3:a:lightbend:alpakka_kafka:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:57

Type Values Removed Values Added
References () https://akka.io/security/alpakka-kafka-cve-2023-29471.html - Vendor Advisory () https://akka.io/security/alpakka-kafka-cve-2023-29471.html - Vendor Advisory
References () https://github.com/akka/alpakka-kafka/issues/1592 - Issue Tracking () https://github.com/akka/alpakka-kafka/issues/1592 - Issue Tracking

Information

Published : 2023-04-27 21:15

Updated : 2024-11-21 07:57


NVD link : CVE-2023-29471

Mitre link : CVE-2023-29471

CVE.ORG link : CVE-2023-29471


JSON object : View

Products Affected

lightbend

  • alpakka_kafka
CWE
CWE-312

Cleartext Storage of Sensitive Information