CVE-2023-29471

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-29471

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-29471.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-29471

Aliases

GHSA-55vq-xpjf-r2xc

Published

2023-04-27T21:15:10.710Z

Modified

2026-03-13T07:34:31.795472Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.

References

Affected packages

Git / github.com/akka/alpakka-kafka

Affected ranges

Type

GIT

Repo

https://github.com/akka/alpakka-kafka

Events

Introduced

Fixed

1e25e79f33e85703cfc3edd39eceaa3a3b5f471b

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.0.2"
        }
    ]
}

Affected versions

0.*

0.11-M3

v0.*

v0.1.0

v0.11

v0.11-M1

v0.11-M2

v0.11-M3

v0.11-M4

v0.11-RC1

v0.11-RC2

v0.12

v0.13

v0.14

v0.15

v0.16

v0.17

v0.18

v0.19

v0.2.0

v0.20

v0.21

v0.21.1

v0.22

v0.3.0

v0.4.0

v0.5.0

v0.6.0

v0.7.0

v0.7.1

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.9.0

v1.*

v1.0

v1.0-M1

v1.0-RC1

v1.0-RC2

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.1.0

v1.1.0-RC1

v1.1.0-RC2

v2.*

v2.0.0

v2.0.0-M2

v2.0.0-RC1

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.1.0

v2.1.0-M1

v2.1.0-RC1

v2.1.1

v3.*

v3.0.0

v3.0.0-RC1

v3.0.1

v3.1.0-M1

v3.1.0-M2

v4.*

v4.0.0

v4.0.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-29471.json"