jaleelsyed / fx-local

0 stars 0 forks source link

Unsecured on GET:/api/v1/primary-transaction #207

Open jaleelsyed opened 2 years ago

jaleelsyed commented 2 years ago

Title: Unsecured Vulnerability on GET:/api/v1/primary-transaction Project: NBfile upload Description: The unsecured exploit gives an attacker full access to the vulnerable endpoint without credentials.

Assertion The 'Unsecured Endpoint' scanning identifies vulnerabilities resulting from the non-protected endpoints. These endpoints requires no authentication scheme and are open for both authenticated and non-authenticated requests.Risk: Unsecured Severity: Medium API Endpoint: http://netbanking.apisec.ai:8080/api/v1/primary-transaction Environment: Master Playbook: ApiV1PrimaryTransactionGetAnonymousInvalid Researcher:

QUICK TIPS

Suggestion: Make sure the endpoint is secured as part of the authentication framework. Effort Estimate: 4.0 Hrs Wire Logs:

IMPORTANT LINKS

Vulnerability Details: https://cloud.fxlabs.io/#/app/projects/402880e880034ee50180035074de0000/recommendations/402880e48184c72c018184ecb40e0017/details

Project: https://cloud.fxlabs.io/#/app/projects/402880e880034ee50180035074de0000/jobs

Environment: https://cloud.fxlabs.io/#/app/projects/402880e880034ee50180035074de0000/environments/null/edit

Scan Dashboard: https://cloud.fxlabs.io/#/app/projects/402880e880034ee50180035074de0000/jobs/402880e880034ee501800350bdd0017e/runs/402880e48184c72c018184ec8716000b

Playbook: https://cloud.fxlabs.io/#/app/projects/402880e880034ee50180035074de0000/template/ApiV1PrimaryTransactionGetAnonymousInvalid

Coverage: https://cloud.fxlabs.io/#/app/projects/402880e880034ee50180035074de0000/configuration

Code Sample: https://cloud.fxlabs.io/#/app/projects/402880e880034ee50180035074de0000/recommendations/402880e48184c72c018184ecb40e0017/codesamples

PS: Please contact support@apisec.ai for apisec access and login issues.

--- apisec Bot ---