Quarkus Context Propagation Vulnerability Leading to Data Leakage

Vulnerability

A potential data leakage vulnerability has been identified in Quarkus versions prior to 3.24.0. The issue arises when an already duplicated Vert.x context is duplicated again: the local data attached to the first duplicated context is carried into the second one, so data crosses from one transaction into another. Quarkus relies heavily on Vert.x's context propagation, and the recent change in Vert.x's context duplication semantics has exacerbated the problem. As a result, sensitive information such as the request scope, security details, and metadata can inadvertently leak from one transaction to the next. This is particularly relevant for the Quarkus Messaging connectors, where such repeated context duplication can occur.

Impact

The vulnerability allows a significant data leak between different units of processing and disrupts the accuracy of the application's logging and telemetry. This can cause operational problems, as observed in a Quarkus application using the REST client with OpenTelemetry, where the leaked context data caused confusion during issue analysis.

Reproduction

The vulnerability can be reproduced by running a Quarkus application with a Vert.x logging context that relies on the default context propagation. When a duplicated context is duplicated again, the contents of the VertxMDC change, showing that context data has been carried over from the first duplicated context. This behavior can be observed in Quarkus versions 3.18.1 and 3.23.0, but not in 3.18.0 or earlier.

Remediation

Users can manually manage context duplication to avoid the leak by duplicating the context in a way that does not carry over the local data of the current duplicated context. This workaround can be applied until the application is upgraded to a Quarkus version that includes the fix.
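The following added example (not code from the advisory or from the Quarkus project) illustrates the mechanism and one reading of the workaround: it duplicates a context that is itself a duplicate, once directly and once from the root context, and compares which local data each new context sees. It assumes Vert.x's internal ContextInternal API (duplicate(), unwrap(), putLocal(), getLocal()) and uses a constructed "request-id" local as a stand-in for request scope or security data; on affected Vert.x versions the direct duplicate shows the propagated value while the root-based duplicate does not.

```java
import io.vertx.core.Vertx;
import io.vertx.core.impl.ContextInternal;

/**
 * Illustration of the duplicate-of-a-duplicate leak and a workaround
 * (added example, not Quarkus project code). Relies on the Vert.x
 * internal ContextInternal API, which is an assumption of this example.
 */
public class ContextDuplicationDemo {

    // Constructed sample key; in Quarkus this would be request scope,
    // security details or telemetry metadata held as context locals.
    static final String REQUEST_ID_KEY = "request-id";

    /** Affected pattern: duplicating an already duplicated context. */
    static ContextInternal duplicateDirectly(ContextInternal duplicated) {
        return duplicated.duplicate();
    }

    /**
     * Workaround: go back to the root (non-duplicated) context and
     * duplicate that, so the new unit of work starts with empty locals.
     */
    static ContextInternal duplicateFromRoot(ContextInternal duplicated) {
        return duplicated.unwrap().duplicate();
    }

    public static void main(String[] args) {
        Vertx vertx = Vertx.vertx();
        try {
            ContextInternal root = (ContextInternal) vertx.getOrCreateContext();

            // Unit of work #1: a duplicated context with its own local data.
            ContextInternal first = root.duplicate();
            first.putLocal(REQUEST_ID_KEY, "req-0001"); // constructed sample value

            // Unit of work #2, created two different ways from the first one.
            ContextInternal direct = duplicateDirectly(first);
            ContextInternal fromRoot = duplicateFromRoot(first);

            // A non-null value for the direct duplicate means local data
            // crossed from unit of work #1 into unit of work #2.
            System.out.println("direct duplicate sees:    " + direct.getLocal(REQUEST_ID_KEY));
            System.out.println("root-based duplicate sees: " + fromRoot.getLocal(REQUEST_ID_KEY));
        } finally {
            vertx.close();
        }
    }
}
```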

Added: Jun 23, 2025, 9:02 PM
Updated: Jun 23, 2025, 9:02 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 2.5
exploitability: 4.3
remediation: 8.3
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.