rdblue opened a new issue, #17003:
URL: https://github.com/apache/iceberg/issues/17003

   > This issue was reported to the private Apache Iceberg security mailing 
list. The submitter is being kept anonymous because the report was sent to a 
private list. After review, the issue is not considered a serious vulnerability 
that needs to be kept private, so it is being filed publicly here for tracking 
and resolution.
   >
   > Note: this submission was generated by AI. Please review its claims and 
source references carefully before acting on them.
   
   # Summary
   
   S3 prefix-scoped credentials are matched with raw string prefixes,
   which can over-apply credentials to sibling keys that merely share the
   same characters.
   
   # Affected Maven coordinates
   
   * primary shipped client artifact: `org.apache.iceberg:iceberg-aws`
   * bundle artifact: `org.apache.iceberg:iceberg-aws-bundle`
   
   # Attacker prerequisites
   
   * control over a path, prefix, batch, or file list that sits adjacent
   to a legitimately scoped prefix
   * ability to trigger the credential-selection or cleanup path with
   that crafted input
   
   # Impact
   
   * Overbroad use of path-scoped credentials
   * Potential access to sibling paths not intended to share the same 
credentials
   * Risk is higher when the credential-vending side assumes the client
   will enforce exact subtree boundaries
   * This is also the client-side shape that can amplify reused-prefix or
   overlapping-location mistakes: once upstream issues a prefix that is
   broader or ambiguously canonicalized, Iceberg does not add a second
   boundary check here.
   
   # Proof status
   
   I reproduced this locally with a targeted reproducer or exploit.
   The observed result matches the trigger and impact described above.
   
   # Key source references
   
   * org.apache.iceberg.aws.s3.S3FileIO
   * org.apache.iceberg.rest.responses.LoadTableResponse
   * org.apache.iceberg.rest.RESTSessionCatalog


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to