Unable to send API requests: 403. #2405

Open
5 tasks
jacoor opened this issue Jan 15, 2025 · 0 comments
jacoor commented Jan 15, 2025

Describe the bug
I am getting a 403 when trying to send data to /deepfence/ingest/vulnerabilities.

To Reproduce
Add your installation URL in base_url and update api_token.

# Define the base URL
base_url="FILLME"

# Get the access token
response=$(curl -k "${base_url}/deepfence/auth/token" \
  -H "Content-Type: application/json" \
  -d '{"api_token": "FILLME"}')

# Extract the access token using jq
access_token=$(echo "$response" | jq -r '.access_token')

# Get API token
curl -X GET \
  "${base_url}/deepfence/api-token" \
  -H "Content-Type: application/json" \
  -H 'accept: */*' \
  -H "Authorization: Bearer $access_token"

# Post vulnerabilities
curl -X POST \
  "${base_url}/deepfence/ingest/vulnerabilities" \
  -H "Content-Type: application/json" \
  -H 'accept: */*' \
  -H "Authorization: Bearer $access_token" \
  -v \
  -d '[
    {
      "cve_attack_vector": "",
      "cve_caused_by_package": "virtualenv",
      "cve_caused_by_package_path": "",
      "cve_container_layer": "",
      "cve_cvss_score": 0,
      "cve_description": "",
      "cve_fixed_in": "20.26.6",
      "cve_id": "CVE-2024-53899",
      "cve_link": "https://github.com/advisories/GHSA-rqc4-2hc7-8c8v",
      "cve_overall_score": 0,
      "cve_severity": "unknown",
      "cve_type": "",
      "exploit_poc": "",
      "exploitability_score": 0,
      "has_live_connection": false,
      "init_exploitability_score": 0,
      "parsed_attack_vector": "",
      "scan_id": "5789612254",
      "urls": [
        "https://github.com/advisories/GHSA-rqc4-2hc7-8c8v"
      ]
    }
  ]'

I get a 403 response code on "${base_url}/deepfence/ingest/vulnerabilities".
"${base_url}/deepfence/api-token" is returning data, so the token is OK. I am an admin.

Expected behavior
HTTP 202, accepted by ThreatMapper

Screenshots
image

Components/Services affected

  • UI/Frontend
  • [+] API/Backend
  • Agent
  • Deployment/YAMLs
  • CI/CD Integration
  • Other (specify)
@jacoor jacoor added bug Something isn't working needs-triage Indicates that issue is not yet triaged and assigned labels Jan 15, 2025