VDB
GCVE-110-CONFSA-2023-0003
GCVE-110-CONFSA-2023-0003
Advisory Published
Impacted versions Confluent Platform versions 5.5.0-5.5.14, 6.0.0-6.0.12, 6.1.0-6.1.10, 6.2.0-6.2.9, 7.0.0-7.0.8, 7.1.0-7.1.6, 7.2.0-7.2.4, 7.3.0-7.3.2. By default, these versions are not vulnerable unless Confluent Platform logging configurations are overridden and the log level is set to Debug . There is no impact to Confluent Cloud due to appropriate logging levels configured for managed Confluent Kafka clusters. Issue Multiple Debug level logging statements were identified in Confluent Platform that would result in either sensitive client credentials or underlying Confluent Kafka HTTP REST based requests to be logged that may also include sensitive parameters. The security issue only manifests when the logging level is set to Debug level. As a result, any instantiation of Confluent Platform components with Debug level enabled can result in un-obfuscated sensitive information to be displayed in standard output and exposed to any downstream logging pipelines. Remediation We have included fixes in the updated Confluent Platform versions 5.5.15, 6.0.13, 6.1.11, 6.2.10, 7.0.9, 7.1.7, 7.2.5, 7.3.3. These fixes adequately address this issue, as the vulnerable Debug level logging statement was refactored to remove sensitive values. We also advise all the Confluent Platform users to validate logging configurations and ensure that log level is set above Debug level, especially in Production configurations. CVSS Score 4.4 CVSS v3.1 Calculator https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N&version=3.1
Aliases
Browse GCVE Records
73,685 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.