Broken access control on bluemix containers

Posted by Oscar Martinez on Dec 09

# Date : 09/12/2016
# Author : Oscar Martinez
# Tested on:cf version 6.22.1+6b7af9c-2016-09-24 / Docker version 1.12.3,
build 6b644ec / API endpoint: https://api.ng.bluemix.net (API version:
2.54.0)
API endpoint: https://api.ng.bluemix.net (API version: 2.54.0)
# Vendor : IBM
# Software : bluemix https://www.ibm.com/cloud-computing/bluemix/

# Vulnerability Description:
It is assumed that a user with auditor role should not be able to create…

007 Software