rdblue opened a new issue, #16467: URL: https://github.com/apache/iceberg/issues/16467
> This issue was reported to the private Apache Iceberg security mailing list. The submitter is being kept anonymous because the report was sent to a private list. After review, the issue is not considered a serious vulnerability that needs to be kept private, so it is being filed publicly here for tracking and resolution. > > Note: this submission was generated by AI. Please review its claims and source references carefully before acting on them. # Summary The BigQuery catalog mirrors full table and namespace property maps into BigQuery metadata, duplicating any sensitive properties into a broader control plane. # Affected Maven coordinates * primary shipped client artifact: `org.apache.iceberg:iceberg-bigquery` # Attacker prerequisites * access to the affected metadata, table-option, or row-return surface * a deployment where that surface is visible to callers who are not meant to receive the widened data or secret set # Impact * Secret-bearing or internal-only properties can become visible to any principal that can read the BigQuery table or dataset resource. * Even when operators already understand that Iceberg metadata JSON contains table properties, this code broadens the blast radius by duplicating the data into a separate permission domain. * Error handling can further widen exposure by serializing full table objects into exception messages. # Proof status I reproduced this locally with a targeted reproducer or exploit. The observed result matches the trigger and impact described above. # Key source references * org.apache.iceberg.gcp.bigquery.BigQueryTableOperations * org.apache.iceberg.gcp.bigquery.BigQueryMetastoreCatalog * org.apache.iceberg.gcp.bigquery.BigQueryMetastoreUtils * org.apache.iceberg.gcp.bigquery.BigQueryMetastoreClientImpl * org.apache.iceberg.BaseMetastoreCatalog Current severity assessment [2]: Moderate [1] https://iceberg.apache.org/security/ [2] https://security.apache.org/blog/severityrating/ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
