search

alexabbott / firebase-cms

A CMS + E-commerce platform built with Angular and Firebase
https://fir-cms-76f54.firebaseapp.com/
MIT License
313 stars 125 forks source link

Vulnerabilities in Firebase Database Rules #17

Open omer88 opened 6 years ago

omer88 commented 6 years ago

In addition to issue #10 and as evident from this report there are two security issues with the current Firebase Database Rules:

  1. Attackers can obtain Admin privileges and manipulate users' data by arbitrarily write to /admins and /users.
  2. Anyone can read /products. I'm not sure it's an issue.