Comment 11 for bug 1430645
Revision history for this message
| Tristan Cacqueray (tristan-cacqueray) wrote Re: unauthorized delete from container with x-version-location | #11 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Clay, I pulled that info from your openstack community member profile ( https:/
Other than that, is the impact description accurate enough ?
Title: Unauthorized delete of versioned Swift object
Reporter: Clay Gerrard (SwiftStack)
Products: Swift
Affects: up to version 2.2.2
Description:
Clay Gerrard from SwiftStack reported a vulnerability in Swift object versioning. An authenticated user can delete the most recent version of any versioned object who's name is known if the user have listing access to the x-versions-location container. Only Swift setups with allow_version setting are affected.