CVE-2023-29471 — MEDIUM (5.5)

Q: How severe is CVE-2023-29471?

CVE-2023-29471 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-29471?

Check the references section above for vendor advisories and patch information. Affected products include: Lightbend Alpakka Kafka.

Vulnerability Description

Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Lightbend	Alpakka Kafka	< 4.0.2

Related Weaknesses (CWE)

CWE-312

References

https://akka.io/security/alpakka-kafka-cve-2023-29471.htmlVendor Advisory
https://github.com/akka/alpakka-kafka/issues/1592Issue Tracking
https://akka.io/security/alpakka-kafka-cve-2023-29471.htmlVendor Advisory
https://github.com/akka/alpakka-kafka/issues/1592Issue Tracking

FAQ

What is CVE-2023-29471?

CVE-2023-29471 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.interna...

How severe is CVE-2023-29471?

CVE-2023-29471 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-29471?

Check the references section above for vendor advisories and patch information. Affected products include: Lightbend Alpakka Kafka.