Octasol - An open-source, trustless bounty platform on Solana, utilizing an escrow mechanism for secure transactions. It allows organizations to list bounties while verified developers can compete and win them without trust concerns.
Sensitive information, such as user details (names, emails, location, and session objects), is currently being written to the browser console via `console.log` in the production build. Although the logged-in user already owns most of this data, console output is not private: browser extensions and any third-party script on the page can hook `console.*`, and users routinely paste or record their console when filing bug reports, so the data ends up in places it was never meant to go. Debug logging of this kind also tends to grow over time, and any log statement that prints an object from a shared view (for example a bounty's participants) would expose other users' details as well.
Details
Affected Data:
User profile information (name, email, location, and other sensitive fields).
Session details, such as the sessionUser object, including the linked GitHub profile information.
Steps to Reproduce
Navigate to the live application in a browser.
Open the browser's Developer Tools (F12 or Ctrl + Shift + I).
Go to the Console tab.
Log in as a user, and go to the profile page or dashboard.
Observe logs containing sensitive data in the console.
Expected Behavior
No sensitive information (e.g., user emails, names, etc.) should be logged in the console, especially in a production environment.
Suggested Fix
Remove the debug console logs that print user and session objects, or redact sensitive fields (email, name, location, tokens) before anything is logged.
Ensure that logging is minimized or completely disabled in production builds; bundler or compiler options that strip console calls from production output (for example Next.js's `compiler.removeConsole`, if that is the build tool in use) make this the default rather than something each developer has to remember.
Use environment checks (e.g., process.env.NODE_ENV === 'development') so that debug messages are emitted only in development mode, and route all such output through a single helper rather than calling console.log directly, so the check cannot be bypassed by accident.
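The following is an added example of the helper the suggested fix describes; it is not Octasol's code, and the `sessionUser` shape and the list of sensitive field names are assumptions. The logger is a no-op unless `NODE_ENV` is `development`, and even in development it recursively redacts known sensitive keys before anything reaches the console, so a log statement copied into a bug report cannot leak an email or a GitHub token.

```javascript
// Added example (not the project's own code): environment-gated, redacting console logger.
// Assumed sensitive field names; extend this set to match the real sessionUser shape.
const SENSITIVE_KEYS = new Set(['email', 'name', 'location', 'login', 'token', 'accessToken']);

// Deep-copy `value`, replacing any sensitive key with a placeholder. The original
// object is never mutated; the depth limit guards against cyclic structures.
function redact(value, depth = 0) {
  if (depth > 10) return '[depth-limit]';
  if (Array.isArray(value)) return value.map((v) => redact(v, depth + 1));
  if (value && typeof value === 'object') {
    const out = {};
    for (const [key, v] of Object.entries(value)) {
      out[key] = SENSITIVE_KEYS.has(key) ? '[REDACTED]' : redact(v, depth + 1);
    }
    return out;
  }
  return value;
}

// Logging is enabled only for a development build (process.env.NODE_ENV check).
function isDevelopment(env = process.env.NODE_ENV) {
  return env === 'development';
}

// `sink` is injectable so the behaviour can be tested without touching the real console.
function createLogger({ env = process.env.NODE_ENV, sink = console } = {}) {
  const enabled = isDevelopment(env);
  return {
    enabled,
    // Returns the redacted payload that was logged, or null when logging is disabled.
    debug(label, payload) {
      if (!enabled) return null;
      const safe = redact(payload);
      sink.log(label, safe);
      return safe;
    },
  };
}

// Constructed sample resembling the sessionUser object described in the issue; not real data.
const SAMPLE_SESSION_USER = {
  id: 42,
  name: 'Jane Doe',
  email: 'jane@example.com',
  location: 'Berlin',
  github: { login: 'janedoe', id: 12345, accessToken: 'gho_example_token' },
};

// Usage: in production this prints nothing; in development it prints the redacted copy.
const log = createLogger();
log.debug('sessionUser', SAMPLE_SESSION_USER);

if (typeof module !== 'undefined') {
  module.exports = { redact, isDevelopment, createLogger, SAMPLE_SESSION_USER };
}
```

Calling `createLogger()` once in a shared module and importing it everywhere replaces scattered `console.log` calls with a single choke point; a lint rule against direct `console.*` use (such as ESLint's `no-console`) then catches regressions in review.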
Impact
This issue affects user privacy: personal details and session data are exposed to anything that can read the console (extensions, third-party scripts, shared screenshots and recordings, pasted bug reports), and every additional log statement widens that exposure. It is a disclosure risk for users of the platform rather than a direct account-takeover path, but it is cheap to fix and easy to prevent from recurring.