Not able to retrieve badge from the API without ACCESS_MANAGEMENT permission #4575

nvkhoa666 · 2025-01-22T09:08:33Z

Current Behavior

With the default "Badge Viewers" team in Dependency Track, the API to retrieve a project's vulnerabilities badge (/v1/badge/vulns/project/:project/:version) returns 403. If the permission ACCESS_MANAGEMENT is added to that team, then it will work as expected.

Steps to Reproduce

Use the API Key from the default "Badge Viewers" to query the API /v1/badge/vulns/project/:project/:version
Server returns 403
Add the permission ACCESS_MANAGEMENT to the "Badge Viewers" team
Use the API Key from the default "Badge Viewers" to query the API /v1/badge/vulns/project/:project/:version
Server returns 200

Expected Behavior

API requests to retrieve badges should work with only VIEW_BADGE permission

Dependency-Track Version

4.12.2

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

No response

Browser

N/A

Checklist

I have read and understand the contributing guidelines
I have checked the existing issues for whether this defect was already reported

The text was updated successfully, but these errors were encountered:

nvkhoa666 added defect Something isn't working in triage labels Jan 22, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Not able to retrieve badge from the API without ACCESS_MANAGEMENT permission #4575

Not able to retrieve badge from the API without ACCESS_MANAGEMENT permission #4575

nvkhoa666 commented Jan 22, 2025

Not able to retrieve badge from the API without ACCESS_MANAGEMENT permission #4575

Not able to retrieve badge from the API without ACCESS_MANAGEMENT permission #4575

Comments

nvkhoa666 commented Jan 22, 2025

Current Behavior

Steps to Reproduce

Expected Behavior

Dependency-Track Version

Dependency-Track Distribution

Database Server

Database Server Version

Browser

Checklist