rdblue opened a new issue, #16489: URL: https://github.com/apache/iceberg/issues/16489
> This issue was reported to the private Apache Iceberg security mailing list. The submitter is being kept anonymous because the report was sent to a private list. After review, the issue is not considered a serious vulnerability that needs to be kept private, so it is being filed publicly here for tracking and resolution. > > Note: this submission was generated by AI. Please review its claims and source references carefully before acting on them. # Summary The `register table` and `register view` request schemas accept an arbitrary `metadata-location` string. The published contract does not restrict the scheme, host, or network location, so values such as `file:///...`, loopback URLs, or link-local metadata endpoints are all in scope unless a server adds its own policy. This matters because registration is exactly the kind of feature where implementations often validate or read the referenced metadata before completing the operation. If a server dereferences the supplied location, the schema has already allowed the attacker to choose what local file or network endpoint the server will touch. # Affected Maven coordinates * published spec artifact: `org.apache.iceberg:iceberg-open-api` * parsers and request models in `org.apache.iceberg:iceberg-core` # Attacker prerequisites * ability to call the table or view registration endpoint, or otherwise influence the supplied `metadata-location` * a server implementation that validates, reads, or otherwise dereferences that location during registration or later reconciliation # Exploit shape * Submit a registration request whose `metadata-location` points at a local file or internal HTTP endpoint rather than an approved warehouse object. * The server accepts the request because the schema treats the field as an unconstrained string. * A weak implementation later dereferences that location and ends up reading a local file, probing an internal network target, or binding a table to storage outside the intended warehouse policy. # Impact * A weak implementation can be induced to read local files or reach internal network targets. * Multi-tenant catalogs can be tricked into binding tables or views to locations outside approved storage boundaries. # Proof status I reproduced this locally with a targeted reproducer or exploit. The observed result matches the trigger and impact described above. # Key source references * open-api/rest-catalog-open-api.yaml Current severity assessment [2]: Moderate [1] https://iceberg.apache.org/security/ [2] https://security.apache.org/blog/severityrating/ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
