How to fix Data Leak

Hey everyone!
I’m using Flusk to secure my app and it recently detected a security vulnerability that I’m not sure how to fix.

It’s a Data Leak vulnerability described as follows:

Here’s the additional data provided by the Flusk tool:


It affects the database Access Request.
I have read the documentation of the vulnerability but I’m still unsure what to do next.

Here’s the link to the test preview of my app: https://tier-tech.bubbleapps.io/version-test/

Here’s what I understand:
I understand that this shouldn’t be publicly accessible, but this is how a user signs up after being invited to the platform. So, it needs to be accessible by a logged out user. They get a link in their email with the unique ID of the access request, then when they sign up, it connects them to all of the data they should see.

Here’s what I have tried so far:
Nothing yet

How could I secure this so that not just anyone can find these, but so that the person receiving the email can still see it even though they aren’t logged into the platform yet?

Do you have any clue what the vulnerability is about? And what I should be doing from there?

Any help would be really appreciated :pray:

Kyra


Posted with the @Flusk tool

Add privacy rules

Return data from a backend workflow that bypasses privacy rules and call that from the front-end.

Awesome, thank you. I just recently used this solution on another project and promptly forgot all about it.
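
The pattern from the reply above (privacy rules on the data type plus a backend lookup that returns only what the sign-up page needs), modelled in plain Python as an added example that is not part of the original thread and is not Bubble or Flusk code. The record fields, the `used` flag and all function names are assumptions made for illustration, and the sample records are constructed.

```python
import hmac

# Constructed sample records standing in for the "Access Request" data type.
ACCESS_REQUESTS = [
    {"id": "1700000000000x111111111111111111", "email": "invitee@example.com",
     "org": "Acme", "role": "viewer", "internal_notes": "VIP", "used": False},
    {"id": "1700000000001x222222222222222222", "email": "other@example.com",
     "org": "Globex", "role": "admin", "internal_notes": "", "used": True},
]

# Assumption: the sign-up page only needs these two fields.
PUBLIC_FIELDS = ("email", "org")


def privacy_rule_allows(viewer, record):
    """Privacy rule: only a logged-in user with the matching email may read."""
    return viewer is not None and viewer.get("email") == record["email"]


def client_search(viewer):
    """What a front-end search can see once the privacy rule is in place."""
    return [r for r in ACCESS_REQUESTS if privacy_rule_allows(viewer, r)]


def backend_get_invite(request_id):
    """Server-side lookup that bypasses the privacy rule for one exact ID.

    Returns only PUBLIC_FIELDS, or None for unknown or already-used invites.
    """
    if not isinstance(request_id, str) or not request_id:
        return None
    match = None
    for record in ACCESS_REQUESTS:
        # Exact, constant-time comparison; never a prefix or "contains" match.
        if hmac.compare_digest(record["id"].encode(), request_id.encode()):
            match = record
    if match is None or match["used"]:
        return None
    # Whitelist the output so role and internal notes never leave the server.
    return {field: match[field] for field in PUBLIC_FIELDS}


if __name__ == "__main__":
    print(client_search(None))  # logged-out search sees nothing
    print(backend_get_invite("1700000000000x111111111111111111"))
```

With this split, a logged-out visitor cannot list or search access requests, and the ID in the emailed link only ever yields the whitelisted fields for that one record.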
