akka-actor_2.13 is vulnerable to Insertion of Sensitive Information into Log File
56
Medium Risk
In Akka, enabling the log-config-on-start option causes environment variable values included in the configuration to be logged in plaintext. This can inadvertently expose sensitive information, such as secrets, API keys, or credentials, in log files. Logging these values creates a security risk, as unauthorized access to logs could lead to the disclosure of confidential data. To mitigate this issue, it is recommended to disable log-config-on-start or upgrade the library.
You are affected if you are using a version that falls within the vulnerable range and log-config-on-start is enabled.
akka-actor_2.13 is vulnerable to Insertion of Sensitive Information into Log File in versions 2.0 - 2.8.5.
Upgrade the com.typesafe.akka:akka-actor library to a patched version or disable log-config-on-start.
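The two conditions above (a version inside the stated 2.0 - 2.8.5 range and log-config-on-start enabled) can be checked mechanically. The following Python sketch is an added example, not code from this advisory or from the Akka project. It is a simplified line-based HOCON scanner that assumes one statement per line and ignores includes and -D overrides; the function names and sample configuration are constructed for illustration.

```python
import re

TRUTHY = {"on", "true", "yes"}           # spellings HOCON reads as boolean true
TARGET = "akka.log-config-on-start"      # full path of the setting (default: off)
VULN_MIN, VULN_MAX = (2, 0), (2, 8, 5)   # advisory range, both ends treated as inclusive

# Constructed sample config, not taken from any real deployment.
SAMPLE_CONF = """
akka {
  loglevel = "INFO"
  log-config-on-start = on   # logs the full resolved config at startup
  actor {
    provider = "cluster"
  }
}
db.password = ${?DB_PASSWORD}  // env value that would appear in that log
"""

def effective_settings(hocon_text):
    """Flatten simple HOCON (one statement per line) into {dotted.path: value}."""
    stack, settings = [], {}
    for raw in hocon_text.splitlines():
        # Drop comments that start the line or follow whitespace (keeps "http://").
        line = re.split(r"(?:^|\s+)(?:#|//)", raw, maxsplit=1)[0].strip().rstrip(",")
        if line == "}":
            if stack:
                stack.pop()
        elif m := re.match(r'^([\w.\-"]+)\s*[:=]?\s*\{$', line):
            stack.append(m.group(1).replace('"', ""))       # entering a block
        elif m := re.match(r'^([\w.\-"]+)\s*[:=]\s*(.+)$', line):
            path = ".".join(stack + [m.group(1).replace('"', "")])
            settings[path] = m.group(2).strip().strip('"')  # last assignment wins
    return settings

def version_in_range(version):
    """True if the akka-actor version lies within the advisory's affected range."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return VULN_MIN <= parts <= VULN_MAX

def is_exposed(akka_version, hocon_text):
    """Both advisory conditions: affected version AND the option enabled."""
    value = effective_settings(hocon_text).get(TARGET, "off")
    return version_in_range(akka_version) and value.lower() in TRUTHY

if __name__ == "__main__":
    print(is_exposed("2.6.20", SAMPLE_CONF))
```

A result of True means the startup log should be treated as containing whatever secrets the configuration resolves, so existing log files and their access controls need review in addition to changing the setting.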