Lovable under fire over data breach
Briefly

"A security researcher claims that the issue enabled viewing source code, login credentials, and chat history from other projects using a free account."
"The leak reportedly stemmed from a so-called Broken Object Level Authorization vulnerability, in which insufficient checks are performed to verify whether a user has the rights to request certain data."
"Lovable explained how the distinction between public and private projects led to confusion in practice, as users had assumed that only published applications were visible."
"Lovable states that the issue has since been resolved and that chat data from projects is no longer accessible to other users."
Lovable, an AI development platform, encountered backlash after a vulnerability allowed users to access sensitive data from other projects. A security researcher revealed that minimal API requests could expose source code, login credentials, and chat history. The issue stemmed from a Broken Object Level Authorization vulnerability. Lovable initially denied a data breach, attributing the visibility to public project settings. After further clarification, the company acknowledged confusion over data access and has since restricted chat data visibility to resolve the issue.
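The object-level check whose absence the report describes, as an added example that is not Lovable's code. The project model, the `public`/`private` values, the user names and the rule that non-owners may read only the source of public projects are assumptions made for illustration.

```python
from dataclasses import dataclass, field

class Forbidden(Exception):
    """Raised when the requester has no right to the requested object."""

@dataclass
class Project:
    owner_id: str
    visibility: str                      # "public" or "private" (assumed values)
    resources: dict = field(default_factory=dict)

# Constructed sample data: two tenants, one public and one private project.
PROJECTS = {
    "p1": Project("alice", "public",  {"source": "app.tsx", "chat": "alice chat"}),
    "p2": Project("bob",   "private", {"source": "api.ts",  "chat": "bob chat"}),
}

# Assumed policy: non-owners may read only these kinds, and only on public projects.
PUBLIC_KINDS = {"source"}

def get_resource_vulnerable(user_id, project_id, kind):
    # BOLA: the caller is authenticated, but nothing ties user_id to the object.
    return PROJECTS[project_id].resources[kind]

def get_resource(user_id, project_id, kind):
    project = PROJECTS.get(project_id)
    # Same error for "missing" and "not yours" so the response reveals nothing.
    if project is None or kind not in project.resources:
        raise Forbidden(project_id)
    if user_id == project.owner_id:
        return project.resources[kind]
    if project.visibility == "public" and kind in PUBLIC_KINDS:
        return project.resources[kind]
    raise Forbidden(project_id)

def exposed_objects(fetch, user_id):
    """Authorization regression check: (project, kind) pairs that user_id
    can read through `fetch` without owning the project."""
    leaked = []
    for pid, project in PROJECTS.items():
        if project.owner_id == user_id:
            continue
        for kind in project.resources:
            try:
                fetch(user_id, pid, kind)
                leaked.append((pid, kind))
            except Forbidden:
                pass
    return sorted(leaked)
```

Running `exposed_objects` for an account that owns nothing, in a test suite, turns the public/private distinction into an explicit, reviewable list of what other users can read.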
Read at Techzine Global