Vulnerability [RBAC] : GET:/api/v1/primary-transaction/{id}

[shadab3682]

Project : testing111

Template : ApiV1PrimaryTransactionIdGetDisallowedRbac

Run Id : 8a8080a169e2c7fa0169e2c936120059

Job : Default

Env : Default

Category : RBAC

Tags : [OWASP - OTG-IDENT-001 , FX Top 10 - API Vulnerability, Endpoint_Access_Control]

Severity : Major

Region : FXLabs/US_WEST_1

Result : fail

Status Code : 200

Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 03 Apr 2019 10:40:32 GMT]}

Endpoint : http://54.215.136.217/api/v1/primary-transaction/7nOcLMUM

Request :

Response :
{ "requestId" : "None", "requestTime" : "2019-04-03T10:40:32.621+0000", "errors" : true, "messages" : [ { "type" : "ERROR", "key" : "", "value" : null } ], "data" : null, "totalPages" : 0, "totalElements" : 0 }

Logs :
com.fxlabs.fxt.bot.assertions.AssertionLogger@41efbcc9 --- FX Bot ---