Bykea: Improper Access Control Allows Trip Hijacking and Passenger/Driver PII Disclosure

The vulnerability discovered allowed improper access control, enabling an attacker to hijack trips and disclose passenger and driver personally identifiable information. The /acknowledgedtheoffer and /accept endpoints failed to properly validate the ownership of the tripid, allowing an attacker t...