CVE-2023-29471 Information

Description

Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.

Reference

https://github.com/akka/alpakka-kafka/issues/1592 https://akka.io/security/alpakka-kafka-cve-2023-29471.html