Open
Labels: bug (Something isn't working), needs-triage (Indicates that issue is not yet triaged and assigned)
Description
Describe the bug
I am getting a 403 when trying to send data to /deepfence/ingest/vulnerabilities.
To Reproduce
Add your installation URL in base_url and update api_token.
```bash
# Define the base URL
base_url="FILLME"

# Get the access token
response=$(curl -k "${base_url}/deepfence/auth/token" \
  -H "Content-Type: application/json" \
  -d '{"api_token": "FILLME"}')

# Extract the access token using jq (quoted so the JSON is passed through unmodified)
access_token=$(echo "$response" | jq -r '.access_token')

# Get API token
curl -X GET \
  "${base_url}/deepfence/api-token" \
  -H "Content-Type: application/json" \
  -H 'accept: */*' \
  -H "Authorization: Bearer $access_token"

# Post vulnerabilities
curl -X POST \
  "${base_url}/deepfence/ingest/vulnerabilities" \
  -H "Content-Type: application/json" \
  -H 'accept: */*' \
  -H "Authorization: Bearer $access_token" \
  -v \
  -d '[
  {
    "cve_attack_vector": "",
    "cve_caused_by_package": "virtualenv",
    "cve_caused_by_package_path": "",
    "cve_container_layer": "",
    "cve_cvss_score": 0,
    "cve_description": "",
    "cve_fixed_in": "20.26.6",
    "cve_id": "CVE-2024-53899",
    "cve_link": "https://github.com/advisories/GHSA-rqc4-2hc7-8c8v",
    "cve_overall_score": 0,
    "cve_severity": "unknown",
    "cve_type": "",
    "exploit_poc": "",
    "exploitability_score": 0,
    "has_live_connection": false,
    "init_exploitability_score": 0,
    "parsed_attack_vector": "",
    "scan_id": "5789612254",
    "urls": [
      "https://github.com/advisories/GHSA-rqc4-2hc7-8c8v"
    ]
  }
]'
```
I get a 403 response code on "${base_url}/deepfence/ingest/vulnerabilities".
"${base_url}/deepfence/api-token" is returning data, so the token is OK. I am an admin.
Expected behavior
HTTP 202, accepted by ThreatMapper
Components/Services affected
- UI/Frontend
- [+] API/Backend
- Agent
- Deployment/YAMLs
- CI/CD Integration
- Other (specify)
