Hey everyone!
I’m using Flusk to secure my app and it recently detected a security vulnerability that I’m not sure how to fix.
It’s a Data Leak vulnerability described as follows:
Here’s the additional data provided by the Flusk tool:
It affects the database Access Request.
I have read the documentation of the vulnerability but I’m still unsure what to do next.
Here’s the link to the test preview of my app: https://tier-tech.bubbleapps.io/version-test/
Here’s what I understand:
I understand that this shouldn’t be publicly accessible, but this is how a user signs up after being invited to the platform. So, it needs to be accessible by a logged out user. They get a link in their email with the unique ID of the access request, then when they sign up, it connects them to all of the data they should see.
Here’s what I have tried so far:
Nothing yet
How could I secure this so that not just anyone can find these, but so that the person receiving the email can still see it even though they aren’t logged into the platform yet?
Do you have any clue what the vulnerability is about? And what I should be doing from there?
Any help would be really appreciated.
Kyra
Posted with the @Flusk tool