GHSA-55VQ-XPJF-R2XC Lightbend Alpakka Kafka logs credentials on debug level

Lightbend Alpakka Kafka before 4.0.2 logs its configuration as debug information, and thus log files may contain credentials if plain cleartext login is configured. This occurs in akka.kafka.internal.KafkaConsumerActor...

PT-2023-22270 · Lightbend · Alpakka Kafka

Name of the Vulnerable Software and Affected Versions: Lightbend Alpakka Kafka versions prior to 5.0.0 Description: The issue allows log files to contain credentials if plain cleartext login is configured, as the configuration is logged as debug information. This occurs in the...