rdblue opened a new issue, #16486: URL: https://github.com/apache/iceberg/issues/16486
> This issue was reported to the private Apache Iceberg security mailing list. The submitter is being kept anonymous because the report was sent to a private list. After review, the issue is not considered a serious vulnerability that needs to be kept private, so it is being filed publicly here for tracking and resolution. > > Note: this submission was generated by AI. Please review its claims and source references carefully before acting on them. # Summary The REST catalog spec allows `signer.endpoint` to be absolute, and the Java client resolves an absolute value as-is instead of constraining it to the catalog base URI or `signer.uri`. That means a catalog is not merely choosing a different signing path under its own service. It can move remote signing traffic to a different origin entirely. Because remote signing requests include the object-store request URI, request headers, optional request body, and additional properties, this becomes a real origin-escape issue rather than a cosmetic URI-formatting concern. # Affected Maven coordinates * published spec artifact: `org.apache.iceberg:iceberg-open-api` * known implementation modules: `org.apache.iceberg:iceberg-core`, `org.apache.iceberg:iceberg-aws` # Attacker prerequisites * control over the catalog response or table configuration that sets `signer.endpoint` or `signer.uri` * a client that performs remote signing and does not enforce same-origin or allow-list checks for signer endpoints # Impact * Exfiltration of object-store request details. * Exfiltration of catalog bearer tokens or signer auth material if the client reuses auth toward the signer. * Confused-deputy behavior where a trusted catalog causes clients to call an unrelated host with privileged context. # Proof status Source review only. The issue is visible directly in the published spec text. # Key source references * open-api/rest-catalog-open-api.yaml * org.apache.iceberg.rest.RESTUtil * org.apache.iceberg.aws.s3.signer.S3V4RestSignerClient Current severity assessment [2]: Important [1] https://iceberg.apache.org/security/ [2] https://security.apache.org/blog/severityrating/ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
