Akka logs environment variables

2023-10-31

CVE-2023-45865

Environment variable values that are included in configuration are logged as plaintext when log-config-on-start is enabled in Akka. Such environment variables may contain secrets that should not be revealed.

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

Overall CVSS Score: 5.4

A person with access to service logs could gain credentials.

Environment variable values from config are not logged.