Description
Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.
Remediation
References
https://akka.io/security/alpakka-kafka-cve-2023-29471.html
https://github.com/akka/alpakka-kafka/issues/1592