Comment 7 for bug 1430645

Tristan Cacqueray (tristan-cacqueray) wrote : Re: unauthorized delete from container with x-version-location

Thanks for the report! I've added and confirmed the OSSA task.

Here is impact description draft #1:

Title: Unauthorized delete of versioned Swift object
Reporter: Clay Gerrard (Rackspace)
Products: Swift
Affects: up to version 2.2.2

Description:
Clay Gerrard from Rackspace reported a vulnerability in Swift object versioning. An authenticated user can delete the most recent version of any versioned object whose name is known if the user has listing access to the x-versions-location container. Only Swift setups with allow_version setting are affected.