Prevent unauthorized delete in versioned container
An authenticated user can delete the most recent version of any
versioned object who's name is known if the user has listing access
to the x-versions-location container. Only Swift setups with
allow_version setting are affected.
This patch closes this bug, tracked as CVE-2015-1856.
Co-Authored-By: Clay Gerrard <email address hidden>
Co-Authored-By: Christian Schwede <email address hidden>
Co-Authored-By: Alistair Coles <email address hidden>
Reviewed: https:/ /review. openstack. org/173363 /git.openstack. org/cgit/ openstack/ swift/commit/ ?id=85afe931657 0855c87ea731d06 27f6f8f2b73264
Committed: https:/
Submitter: Jenkins
Branch: stable/juno
commit 85afe9316570855 c87ea731d0627f6 f8f2b73264
Author: Alistair Coles <email address hidden>
Date: Fri Apr 3 17:05:36 2015 +0100
Prevent unauthorized delete in versioned container
An authenticated user can delete the most recent version of any
versioned object who's name is known if the user has listing access
to the x-versions-location container. Only Swift setups with
allow_version setting are affected.
This patch closes this bug, tracked as CVE-2015-1856.
Co-Authored-By: Clay Gerrard <email address hidden>
Co-Authored-By: Christian Schwede <email address hidden>
Co-Authored-By: Alistair Coles <email address hidden>
Closes-Bug: 1430645
Change-Id: I74448c12bc4d4c d07d4300f452cf3 dd6f66ca70a