Thanks for the report! I've added and confirmed the OSSA task.
Here is impact description draft #1:
Title: Unauthorized delete of versioned Swift object
Reporter: Clay Gerrard (Rackspace)
Products: Swift
Affects: up to version 2.2.2
Description:
Clay Gerrard from Rackspace reported a vulnerability in Swift object versioning. An authenticated user can delete the most recent version of any versioned object who's name is known if the user have listing access to the x-versions-location container. Only Swift setups with allow_version setting are affected.
Thanks for the report! I've added and confirmed the OSSA task.
Here is impact description draft #1:
Title: Unauthorized delete of versioned Swift object
Reporter: Clay Gerrard (Rackspace)
Products: Swift
Affects: up to version 2.2.2
Description:
Clay Gerrard from Rackspace reported a vulnerability in Swift object versioning. An authenticated user can delete the most recent version of any versioned object who's name is known if the user have listing access to the x-versions-location container. Only Swift setups with allow_version setting are affected.