V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2023-29471
CVE
Medium

Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain clea…

CVSS
5.5
Medium
EPSS
0.00
p4
Published
2023-01-01
Updated
2023-01-01
Description

Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.

Tags · CWE
CWE-312
CAPEC-37
Affected products
Alpakka_kafka < 4.0.2
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Timeline
2023-01-01
Published
2023-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: L
Local (L)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: L
Low (L)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: N
None (N)
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.002 · p4
Known exploited (KEV)
No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-37 · CWE-312
└ via CAPEC-37 · CWE-312
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
ProductVendorStatus
alpakka_kafka*Tracked
Source databases
CVE