Jean-Baptiste Onofré

**Name of the Vulnerable Software and Affected Versions** Apache Polaris (affected versions not specified) **Description** Apache Polaris issues broad temporary storage credentials during staged table creation before validating or reserving the effective table location. This allows an attacker to direct the scope of accessible table data and metadata by choosing a reachable target location. Specifically, if a caller provides a custom `location` during stage create and requests credential vending, the system constructs delegated storage credentials immediately without performing normal location validation or overlap checks. Additionally, the staged-create flow accepts `write.data.path` and `write.metadata.path` in request properties, which act as location overrides and are used for credential vending without prior validation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Polaris version 1.4.0 **Description** Apache Polaris allows the use of literal `*` characters in namespace and table names. These characters are reused unescaped in S3 IAM resource patterns and `s3:prefix` conditions when building temporary S3 access policies for delegated table access. Since S3 IAM policy matching treats `*` as a wildcard, temporary credentials issued for a crafted table can match the storage path of a different table. This allows an attacker to read another table's metadata control files, list S3 table prefixes, and, if write delegation is granted, create or delete objects under another table's S3 prefix. This issue can be exploited even if the attacker has minimal permissions, such as namespace-scoped `TABLE CREATE` and `TABLE WRITE DATA` on `*`, enabling unauthorized access to data and metadata of other tables. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Polaris version 1.4.0 **Description** Apache Polaris fails to properly escape namespace and table identifiers when constructing Common Expression Language (CEL) strings for Google Cloud Storage (GCS) Credential Access Boundaries (CAB). This allows a crafted namespace or table name containing single quotes and URI-safe CEL fragments to break out of the intended quoted string and alter the CEL condition. Consequently, short-lived GCS credentials intended for a single table can be broadened to provide bucket-wide access within the configured bucket. This enables unauthorized actions, including listing, reading, creating, and deleting objects under other tables' prefixes or unrelated external prefixes in the same bucket. **Recommendations** For version 1.4.0, restrict the use of crafted namespace or table identifiers until a fix is applied.

**Name of the Vulnerable Software and Affected Versions** Apache Polaris versions prior to 1.4.1 **Description** Changing the `write.metadata.path` table property via an `ALTER TABLE` settings change allows a user to bypass the commit-time branch intended to revalidate storage locations. This defect enables Apache Polaris to write table metadata to an attacker-chosen storage location before location validation occurs. If the catalog is configured with `polaris.config.allow.unstructured.table.location=true` and the `allowedLocations` allowlist is broad enough, this can lead to the persistence of the malicious path in the table state. Consequently, table-load and credential APIs may issue temporary cloud-storage credentials for the attacker-specified area, potentially exposing, modifying, or corrupting data and metadata within that storage scope, including other tables or bucket roots. **Recommendations** Update to version 1.4.1. Restrict the ability to change table properties. Enforce strict storage allowlists within the `allowedLocations` configuration.