Open cjackett opened 2 months ago
Thanks again for participating! This submission earned $22.68 from SIV and $57.14 from the Public Vote, for a total of $79.82.
Here's what we noted in our evaluation:
Issue to track getting paid: https://github.com/siv-org/hack.siv.org/issues/10
Description: The current implementation in pages/api/validate-admin-jwt.ts logs the JWT contents when a JWT fails validation. This poses a risk of sensitive data exposure, as JWTs often contain information such as user emails or other identifying details.
Affected Code:
Proposed Solution:
Impact: This change will reduce the risk of sensitive data exposure in logs, improving the security and privacy of user information.
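As an added illustration (example code, not the repository's pages/api/validate-admin-jwt.ts), here is a minimal HS256 verifier with the logging pattern the issue describes beside a redacting alternative that keeps only non-identifying metadata; signJwt, verifyJwt, failureLogUnsafe and failureLogSafe are names constructed for this example.

```typescript
import { createHmac, createHash, timingSafeEqual } from "crypto";

type Claims = Record<string, unknown>;

// Hypothetical HS256 mint routine, constructed for this example only.
function signJwt(claims: Claims, secret: string): string {
  const header = Buffer.from(JSON.stringify({ alg: "HS256", typ: "JWT" })).toString("base64url");
  const payload = Buffer.from(JSON.stringify(claims)).toString("base64url");
  const sig = createHmac("sha256", secret).update(`${header}.${payload}`).digest("base64url");
  return `${header}.${payload}.${sig}`;
}

// Decodes the payload segment WITHOUT verifying it; treat the result as untrusted input.
function decodePayload(token: string): Claims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  try { return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8")); } catch { return null; }
}

// Returns the claims only if the HMAC over header.payload matches; null on any failure.
function verifyJwt(token: string, secret: string): Claims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const expected = createHmac("sha256", secret).update(`${parts[0]}.${parts[1]}`).digest();
  const given = Buffer.from(parts[2], "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  return decodePayload(token);
}

// BEFORE: the failure message carries every claim (e.g. an email) into the log.
function failureLogUnsafe(token: string): string {
  return `JWT validation failed: ${JSON.stringify(decodePayload(token))}`;
}

// AFTER: log only data that does not identify the user: a short token fingerprint for
// correlating repeated failures, the token length, and sanitised claim NAMES (never values).
function failureLogSafe(token: string): string {
  const fingerprint = createHash("sha256").update(token).digest("hex").slice(0, 12);
  const keys = Object.keys(decodePayload(token) ?? {})
    .slice(0, 10)                              // bound the size of the log line
    .map((k) => k.replace(/[^\w.-]/g, "?"));   // strip newlines and the like (log injection)
  return `JWT validation failed: fp=${fingerprint} len=${token.length} claims=[${keys.join(",")}]`;
}
```

The safe variant still gives an operator enough to spot a burst of failures from one token without ever writing a claim value to disk.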