rdblue opened a new issue, #16472: URL: https://github.com/apache/iceberg/issues/16472
> This issue was reported to the private Apache Iceberg security mailing list. The submitter is being kept anonymous because the report was sent to a private list. After review, the issue is not considered a serious vulnerability that needs to be kept private, so it is being filed publicly here for tracking and resolution. > > Note: this submission was generated by AI. Please review its claims and source references carefully before acting on them. # Summary Core REST flows consume server-supplied file paths and storage credentials without a central scheme, root, or prefix guard, leaving downstream FileIO policy as the only barrier. That means a REST catalog is not just describing a table. It can also steer where clients and distributed workers read from, what storage credentials they attach, and which schemes or FileIO implementations end up servicing those accesses. # Affected Maven coordinates * primary shipped client artifact: `org.apache.iceberg:iceberg-core` * downstream storage-credential consumers including `org.apache.iceberg:iceberg-aws`, `org.apache.iceberg:iceberg-azure`, and `org.apache.iceberg:iceberg-gcp` # Attacker prerequisites * control over REST catalog responses that carry file paths, table config, scan-planning results, or storage credentials * clients or workers that honor those returned locations and credentials without an independent scheme, root, or prefix policy # Impact * In the current design, a compromised REST catalog can steer clients or distributed workers toward unexpected local, HDFS, or object-store locations. * Some of this may be within the intended trust model for a fully trusted catalog, but the enforcement boundary is weak: security depends on downstream FileIO implementations and deployment discipline rather than a core invariant. # Proof status I reproduced this locally with a targeted reproducer or exploit. The observed result matches the trigger and impact described above. # Key source references * org.apache.iceberg.rest.responses.LoadTableResponse * org.apache.iceberg.rest.RESTSessionCatalog * org.apache.iceberg.rest.RESTTableScan * org.apache.iceberg.ContentFileParser * org.apache.iceberg.io.StorageCredential * org.apache.iceberg.io.ResolvingFileIO * org.apache.iceberg.hadoop.HadoopFileIO Current severity assessment [2]: Moderate [1] https://iceberg.apache.org/security/ [2] https://security.apache.org/blog/severityrating/ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
