Hey everyone!
I’m using Flusk to secure my app and it recently flagged a vulnerability, but I need some help.
It’s a Data Leak vulnerability, described as follows:
Data leaks are database entries that are publicly accessible. This happens because your app’s database is accessible publicly unless you define proper Privacy Rules. As a general rule, there should never be unprotected data unless it’s fully public (like a blog, for example).
Here’s the additional data provided by the Flusk tool:
The following fields were marked as sensitive and have data leaking:
• Email ospite
• Evento
• ID scheduled email reminder
• Nome ospite
• Teleono ospite
• Transazione
More fields were found leaking but were reviewed or predicted as non-sensitive and therefore ignored (7)
1 fields were properly secured with no data leaks.
The following fields were marked as sensitive and have data leaking:
• Email ospite
• Evento
• ID scheduled email reminder
• Nome ospite
• Note
• Transazione
More fields were found leaking but were reviewed or predicted as non-sensitive and therefore ignored (6)
2 fields were properly secured with no data leaks.
It affects the database Prenotazioni.
I have read the documentation of the vulnerability but I’m still unsure what to do next.
Here’s the link to the test preview of my app: Capetoste, chi viene a cena?
Here’s what I understand:
I’ve set privacy rules for those fields: only users with a specific “Role” can access them, and “everyone else” has access to none of those fields.
Here is an additional screenshot that might also help:
Do you have any clue what the vulnerability is about? And what I should be doing from there?
Any help would be really appreciated.
Dimitri
Posted with the @Flusk tool
First of all, please read this article. Once you’re done reading, read the rest of this comment.
Essentially, all your data objects (bubble things) are publicly visible unless you define privacy rules, which make them only accessible to those who meet the rule you define (your privacy rule!)
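To make the “publicly visible unless a rule says otherwise” point concrete, here is an added simulation (not Flusk’s checker and not Bubble’s privacy engine) of how field-level rules on the Prenotazioni data type decide what an outsider can read. The record values, the `staff` role, the rule name and the two-probe audit are all constructed for the example; the field names are taken from the report above. The model assumes that a user matching one or more rules gets the union of those rules’ fields and that a user matching none falls back to the “Everyone else” set, which is exactly the set that leaks when it still has every field ticked.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable

# Constructed sample record of the Prenotazioni data type. Field names are the
# ones listed in the Flusk report above ("Teleono ospite" spelled as reported);
# the values are made up.
RECORD = {
    "Email ospite": "guest@example.com",
    "Evento": "cena-2024-11-30",
    "ID scheduled email reminder": "rem_0001",
    "Nome ospite": "Mario Rossi",
    "Teleono ospite": "+39 000 0000000",
    "Transazione": "tx_0001",
    "Note": "nessuna allergia",
}
# Union of the fields both report blocks marked as sensitive.
SENSITIVE = frozenset(RECORD)
ALL_FIELDS = frozenset(RECORD)


@dataclass(frozen=True)
class User:
    logged_in: bool = False
    role: str | None = None  # hypothetical "Role" field on User


@dataclass(frozen=True)
class PrivacyRule:
    name: str
    applies: Callable[[User, dict], bool]  # the rule's "when" condition
    view_fields: frozenset[str]            # fields the rule lets matching users view


def visible_fields(record: dict, user: User, rules: list[PrivacyRule],
                   everyone_else: frozenset[str]) -> set[str]:
    """Fields `user` may read on `record` under this simplified model (an
    assumption, not Bubble's engine): matching rules are additive; a user who
    matches no rule gets the "Everyone else" field set."""
    granted: set[str] = set()
    matched = False
    for rule in rules:
        if rule.applies(user, record):
            matched = True
            granted |= rule.view_fields
    return granted if matched else set(everyone_else)


def audit_leaks(record: dict, sensitive: frozenset[str], rules: list[PrivacyRule],
                everyone_else: frozenset[str]) -> dict[str, list[str]]:
    """Mimic the check the report is making: which sensitive fields can an
    outsider read? Two probes: anonymous, and logged in without the role."""
    probes = {
        "anonymous": User(),
        "logged_in_no_role": User(logged_in=True),
    }
    leaks: dict[str, list[str]] = {}
    for label, user in probes.items():
        exposed = visible_fields(record, user, rules, everyone_else) & sensitive
        if exposed:
            leaks[label] = sorted(exposed)
    return leaks


# Hypothetical rule: "Current User's Role is staff" -> view all fields.
STAFF_RULE = PrivacyRule(
    name="Current User's Role is staff",
    applies=lambda u, r: u.logged_in and u.role == "staff",
    view_fields=ALL_FIELDS,
)

# Weak configuration: the role rule exists, but "Everyone else" still has
# "View all fields" ticked, so the rule restricts nobody.
WEAK_EVERYONE_ELSE = ALL_FIELDS
# Hardened configuration: "Everyone else" can view no fields.
HARDENED_EVERYONE_ELSE: frozenset[str] = frozenset()


def weak_report() -> dict[str, list[str]]:
    return audit_leaks(RECORD, SENSITIVE, [STAFF_RULE], WEAK_EVERYONE_ELSE)


def hardened_report() -> dict[str, list[str]]:
    return audit_leaks(RECORD, SENSITIVE, [STAFF_RULE], HARDENED_EVERYONE_ELSE)


if __name__ == "__main__":
    print("weak config leaks:", weak_report())
    print("hardened config leaks:", hardened_report())
    staff = User(logged_in=True, role="staff")
    print("staff still sees:",
          sorted(visible_fields(RECORD, staff, [STAFF_RULE], HARDENED_EVERYONE_ELSE)))
```

Running it shows the weak configuration exposing every sensitive field to both probes, while the hardened one reports no leaks and still lets the staff user read the full record. The practical check for the original poster is the “Everyone else” row of the Prenotazioni privacy rules, not the role rule itself.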
system | Closed | December 11, 2024, 7:38am
This topic was automatically closed after 70 days. New replies are no longer allowed.