rdblue opened a new issue, #16468: URL: https://github.com/apache/iceberg/issues/16468
> This issue was reported to the private Apache Iceberg security mailing list. The submitter is being kept anonymous because the report was sent to a private list. After review, the issue is not considered a serious vulnerability that needs to be kept private, so it is being filed publicly here for tracking and resolution. > > Note: this submission was generated by AI. Please review its claims and source references carefully before acting on them. # Summary Per-table `bq_connection` is copied directly into BigQuery `connectionId`, letting table creators request any delegable connection resource unless policy is added externally. In practice that means a caller who is allowed to create tables can ask Iceberg to attach any BigQuery connection that the catalog's BigQuery identity is allowed to delegate. If some of those connections map to stronger service accounts or broader storage access, the caller can select a more privileged data path than intended. # Affected Maven coordinates * primary shipped client artifact: `org.apache.iceberg:iceberg-bigquery` # Attacker prerequisites * ability to create or update a table with the `bq_connection` property * a deployment where the catalog's BigQuery identity is allowed to delegate more than one connection resource and does not enforce its own allowlist # Impact * In a shared-catalog deployment, an untrusted table creator can request any connection resource that the catalog's BigQuery identity is allowed to delegate. * If some connections map to more privileged service accounts or broader storage access, the table creator can bind a table to a stronger credential than intended. * This is a policy-bypass risk, not because the code fabricates permissions, but because it does not constrain which already-delegable connection can be attached to a table. # Proof status I reproduced this locally with a targeted reproducer or exploit. The observed result matches the trigger and impact described above. # Key source references * org.apache.iceberg.gcp.bigquery.BigQueryTableOperations Current severity assessment [2]: Moderate [1] https://iceberg.apache.org/security/ [2] https://security.apache.org/blog/severityrating/ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
