This issue was reported to the private Apache Iceberg security mailing list. The submitter is being kept anonymous because the report was sent to a private list. After review, the issue is not considered a serious vulnerability that needs to be kept private, so it is being filed publicly here for tracking and resolution.
Note: this submission was generated by AI. Please review its claims and source references carefully before acting on them.
Summary
gcs.service.host can redirect authenticated GCS traffic, including
OAuth credentials and encryption options, to arbitrary endpoints.
Affected Maven coordinates
- primary shipped client artifact:
org.apache.iceberg:iceberg-gcp
- bundle artifact:
org.apache.iceberg:iceberg-gcp-bundle
Attacker prerequisites
- control over the affected catalog response, configuration surface,
or spec-consumed routing value
- a client or service that honors the affected configuration without
an additional allow-list
Impact
- Any caller that can influence FileIO properties can redirect GCS API
calls away from Google endpoints.
- The redirected traffic still carries OAuth credentials when auth is enabled.
- Request options may also include customer-supplied encryption keys
via gcs.encryption-key / gcs.decryption-key.
Proof status
Source review only. The issue is visible directly from source.
Key source references
- org.apache.iceberg.gcp.GCPProperties
- org.apache.iceberg.gcp.gcs.PrefixedStorage
- org.apache.iceberg.rest.RESTSessionCatalog
Summary
gcs.service.hostcan redirect authenticated GCS traffic, includingOAuth credentials and encryption options, to arbitrary endpoints.
Affected Maven coordinates
org.apache.iceberg:iceberg-gcporg.apache.iceberg:iceberg-gcp-bundleAttacker prerequisites
or spec-consumed routing value
an additional allow-list
Impact
calls away from Google endpoints.
via
gcs.encryption-key/gcs.decryption-key.Proof status
Source review only. The issue is visible directly from source.
Key source references