Sensitive Information Leakage in Lightbend Alpakka Kafka (CVE-2021-12345)

Sensitive Information Leakage in Lightbend Alpakka Kafka (CVE-2021-12345)

CVE-2023-29471 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.

Learn more about our Internal Network Penetration Testing.