Sensitive Information Leakage in Lightbend Alpakka Kafka (CVE-2021-12345)
CVE-2023-29471 · MEDIUM Severity
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.
Learn more about our Internal Network Penetration Testing.