Apache Kafka's NetworkClient component logs entire request and response payloads at DEBUG level, exposing sensitive authentication credentials, delegation tokens, and configuration data in plaintext logs. This affects Kafka versions 0.11.0 through 3.9.1 and 4.0.0 across the broker and client libraries. While DEBUG logging is not enabled by default (INFO is the standard), organizations that enable DEBUG logging for troubleshooting inadvertently create persistent records of authentication material and secrets that can be harvested by local log readers or accessed via log aggregation systems. CVSS 5.3 reflects low network attack surface (requires prior DEBUG enablement), but SSVC rates this as automatable with partial technical impact, suitable for prioritization in environments using centralized logging.
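Because the exposure depends on DEBUG being enabled, a configuration audit can check which level the NetworkClient logger actually resolves to. The following is an added example, not code from the Apache Kafka project: it assumes a log4j 1.x-style properties file and the logger name `org.apache.kafka.clients.NetworkClient`, and both sample configurations are constructed.

```python
# Added example: resolve the effective log level of Kafka's NetworkClient
# logger from a log4j 1.x-style properties file (format is an assumption).
NETWORK_CLIENT = "org.apache.kafka.clients.NetworkClient"
VERBOSE = {"DEBUG", "TRACE", "ALL"}  # levels at which DEBUG messages are written

def parse_levels(properties_text):
    """Map logger name -> level; the root logger is stored under ''."""
    levels = {}
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        # Value looks like "LEVEL, appender1, ..."; the level may be empty.
        level = value.split(",")[0].strip().upper()
        if key == "log4j.rootLogger":
            levels[""] = level
        elif key.startswith("log4j.logger."):
            levels[key[len("log4j.logger."):]] = level
    return levels

def effective_level(properties_text, logger=NETWORK_CLIENT):
    """Walk from the logger up its dotted parents; return (level, source)."""
    levels = parse_levels(properties_text)
    name = logger
    while name:
        level = levels.get(name)
        if level and level not in ("INHERITED", "NULL"):
            return level, name
        name = name.rpartition(".")[0]  # drop the last dotted component
    return levels.get("", "UNSET"), "root"

def logs_payloads(properties_text):
    """True when NetworkClient would emit its DEBUG-level messages."""
    return effective_level(properties_text)[0] in VERBOSE

# Constructed sample: DEBUG turned on for a parent package while troubleshooting.
TROUBLESHOOTING = """
log4j.rootLogger=INFO, stdout
# enabled while chasing a connection problem
log4j.logger.org.apache.kafka.clients=DEBUG
"""
# Constructed sample: same file, with NetworkClient pinned back to INFO.
HARDENED = TROUBLESHOOTING + "log4j.logger.org.apache.kafka.clients.NetworkClient=INFO\n"

if __name__ == "__main__":
    for label, text in (("troubleshooting", TROUBLESHOOTING), ("hardened", HARDENED)):
        print(label, effective_level(text), "exposed" if logs_payloads(text) else "ok")
```

The first sample shows the common case where NetworkClient inherits DEBUG from a parent package logger rather than being set explicitly, which a search for the class name alone would miss.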