CVE-2023-29471

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-29471

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29471.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-29471

Aliases

GHSA-55vq-xpjf-r2xc

Published

2023-04-27T21:15:10Z

Modified

2024-05-14T12:51:39.850591Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.

References

Affected packages

Git / github.com/akka/alpakka-kafka

Affected ranges

Type: GIT
Repo: https://github.com/akka/alpakka-kafka
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1e25e79f33e85703cfc3edd39eceaa3a3b5f471b

Affected versions

0.*

0.11-M3

v0.*

v0.1.0

v0.11

v0.11-M1

v0.11-M2

v0.11-M3

v0.11-M4

v0.11-RC1

v0.11-RC2

v0.12

v0.13

v0.14

v0.15

v0.16

v0.17

v0.18

v0.19

v0.2.0

v0.20

v0.21

v0.21.1

v0.22

v0.3.0

v0.4.0

v0.5.0

v0.6.0

v0.7.0

v0.7.1

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.9.0

v1.*

v1.0

v1.0-M1

v1.0-RC1

v1.0-RC2

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.1.0

v1.1.0-RC1

v1.1.0-RC2

v2.*

v2.0.0

v2.0.0-M2

v2.0.0-RC1

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.1.0

v2.1.0-M1

v2.1.0-RC1

v2.1.1

v3.*

v3.0.0

v3.0.0-RC1

v3.0.1

v3.1.0-M1

v3.1.0-M2

v4.*

v4.0.0

v4.0.1