rdblue opened a new issue, #16477: URL: https://github.com/apache/iceberg/issues/16477
> This issue was reported to the private Apache Iceberg security mailing list. The submitter is being kept anonymous because the report was sent to a private list. After review, the issue is not considered a serious vulnerability that needs to be kept private, so it is being filed publicly here for tracking and resolution. > > Note: this submission was generated by AI. Please review its claims and source references carefully before acting on them. # Summary Flink maintenance locks can be cleared by another job because unlock paths do not verify ownership tokens. # Affected Maven coordinates * versioned integration artifacts: `org.apache.iceberg:iceberg-flink-1.20`, `org.apache.iceberg:iceberg-flink-2.0`, `org.apache.iceberg:iceberg-flink-2.1` # Attacker prerequisites * ability to call the affected maintenance, DDL, or cleanup path * a deployment where that caller should not be able to target the broader resource set that the current code allows # Impact * A second job instance can clear a live maintenance or recovery lock that belongs to another job. * That undermines the lock's integrity guarantees and can permit overlapping maintenance actions such as orphan-file deletion, snapshot expiration, or rewrite tasks. * The resulting failure mode is integrity loss, not just availability loss. # Proof status Source review only. The issue is visible directly from source. # Key source references * org.apache.iceberg.flink.maintenance.operator.TriggerManager * org.apache.iceberg.flink.maintenance.api.JdbcLockFactory * org.apache.iceberg.flink.maintenance.api.ZkLockFactory * org.apache.iceberg.flink.maintenance.operator.LockRemover Current severity assessment [2]: Important [1] https://iceberg.apache.org/security/ [2] https://security.apache.org/blog/severityrating/ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
