org.apache.kafka.common.security.plain.PlainLoginModule are logged as plaintext
when debug logging is enabled.
Overall CVSS Score: 5.4
A person with access to service logs could gain credentials to Kafka servers.
An allow list limiting what Kafka Consumer/Producer properties is printed was implemented, filtering out credentials.
alpakka-kafkaup to 4.0.0
alpakka-kafka4.0.2 and later
Thanks Paweł Cembaluk for reporting the issue