delta/openstack/swift.git - opendev.org: openstack/swift.git

diff options

author	John Dickinson <me@not.mn>	2015-03-20 10:17:25 +0000
committer	John Dickinson <me@not.mn>	2015-04-13 23:34:10 -0700
commit	dd9d97458ea007024220a78dba8dd663e8b425d7 (patch)
tree	0f1afe6d3db88391920698df9d8f1f5b846b541c /swift/account/reaper.py
parent	ce596684f6279d7dda39141cf786a40fd78e7ce3 (diff)
download	swift-dd9d97458ea007024220a78dba8dd663e8b425d7.tar.gz

Prevent unauthorized delete in versioned container

An authenticated user can delete the most recent version of any versioned object who's name is known if the user has listing access to the x-versions-location container. Only Swift setups with allow_version setting are affected. This patch closes this bug, tracked as CVE-2015-1856 Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com> Co-Authored-By: Christian Schwede <info@cschwede.de> Co-Authored-By: Alistair Coles <alistair.coles@hp.com> Closes-Bug: 1430645 Change-Id: Ibacc7413afe7cb6f77d92e5941dcfdf4768ffa18

Diffstat (limited to 'swift/account/reaper.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: