Introducing Akka Cloud to Edge Continuum. Build once for the Cloud. Seamlessly deploy to the Edge. Learn More
 

Akka logs environment variables

Date

2023-10-31

CVE

CVE-2023-45865

Description of Vulnerability

Environment variable values that are included in configuration are logged as plaintext when log-config-on-start is enabled in Akka. Such environment variables may contain secrets that should not be revealed.

Severity

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

Overall CVSS Score: 5.4

Impact

A person with access to service logs could gain credentials.

Resolution

Environment variable values from config are not logged.

Affected versions

Fixed versions

References