Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON

Description

Summary

Iceberg connector REST catalog static credentials (access key) or vended credentials (temporary access key) are accessible to users that have write privilege on SQL level.

Details

Iceberg REST catalog typically needs access to object storage. This access can be configured in multiple different ways. When storage access is achieved by static credentials (e.g. AWS S3 access key) or vended credentials (temporary access key).

Query JSON is a query visualization and performance troubleshooting facility. It includes serialized query plan and handles for table writes or execution of table procedures. A user that submitted a query has access to query JSON for their query. Query JSON is available from Trino UI or via /ui/api/query/«query_id» and /v1/query/«query_id» endpoints.

The storage credentials are stored in those handles when performing write operations, or table maintenance operations. They are serialized in query JSON. A user with write access to data in Iceberg connector configured to use REST Catalog with static or vended credentials can retrieve those credentials.

Impact

Anyone using Iceberg REST catalog with static or vended credentials is impacted.
The credentials should be considered compromised.
Vended credentials are temporary in nature so they do not need to be rotated. However, underlying data could have been exposed.

Basic information

Type
reviewed
Severity
high
Advisory on GitHub
Open advisory ↗
Repository advisory
Open repository advisory ↗
Source code
Browse source ↗
Published (advisory)
2026-03-29 15:13:30 UTC
Updated
2026-03-31 18:51:31 UTC
GitHub reviewed
2026-03-29 15:13:30 UTC
NVD published
2026-03-31

EPSS Score

Score Percentile
0.01% 3.26%

CVSS Scores

Base score Version Severity Vector
7.7 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:N)
Service keeps running; no real outage angle.

Identifiers

CWEs

CWE id Name
CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer
CWE-312 Cleartext Storage of Sensitive Information

Credits

  • findinpath (remediation_developer)
  • ebyhr (remediation_developer)
  • chenjian2664 (remediation_developer)
  • losipiuk (remediation_reviewer)
  • findepi (coordinator)

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
maven io.trino:trino-iceberg >= 439, < 480 480

References

cvelogic Threat Intelligence