Components
Mic edited this page Aug 26, 2022 · 1 revision
The ticketing system is a system of work tickets, grouped by teams.
Three containers make up the Ticketing System:
- MySQL DB server
- Node/Express REST API server
- React single-page app front-end
This app supports both OAuth and Legacy auth.
- The HS256 JWT signature uses a secret that appears on wordlists
- A certain API endpoint fails to check the JWT signature at all
- Insufficient authorization control if the user can make themselves appear as admin, such as by manipulating local storage
- XSS flaw in a rich text field
- CORS issue
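
The JWT items above come down to whether the API verifies the token before trusting its claims. The following is an added example, not code from the ticketing system: it contrasts decode-only handling with HS256 verification using only Node's built-in `crypto` module. All function names, claim names (`role`, `exp`) and sample tokens are assumptions constructed for illustration.

```javascript
// Added example: not code from the ticketing system. All names are hypothetical.
const crypto = require("node:crypto");

const b64urlJson = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const sign = (input, key) => crypto.createHmac("sha256", key).update(input).digest();

// Helper that builds constructed sample tokens for this demo.
function issueToken(claims, key) {
  const input = `${b64urlJson({ alg: "HS256", typ: "JWT" })}.${b64urlJson(claims)}`;
  return `${input}.${sign(input, key).toString("base64url")}`;
}

// Flawed pattern: the payload is decoded and trusted, the signature is never checked.
function claimsWithoutVerification(token) {
  return JSON.parse(Buffer.from(token.split(".")[1], "base64url").toString("utf8"));
}

// Hardened pattern: pin HS256, compare MACs in constant time, then check expiry.
function verifyHs256(token, key, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
  if (header.alg !== "HS256") throw new Error("unexpected alg");
  const expected = sign(`${h}.${p}`, key);
  const given = Buffer.from(s, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  const claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) throw new Error("expired");
  return claims;
}

// Server-side authorization: only claims from a verified token count,
// never a role value the client stores or sends on its own.
function isAdmin(token, key) {
  try { return verifyHs256(token, key).role === "admin"; } catch { return false; }
}

// Constructed sample data. A random 256-bit key cannot appear on a wordlist.
const KEY = crypto.randomBytes(32);
const userToken = issueToken({ sub: "u1", role: "user", exp: 4102444800 }, KEY);
// Same token with an edited payload and the original signature.
const [hdr, , sig] = userToken.split(".");
const editedToken = `${hdr}.${b64urlJson({ sub: "u1", role: "admin", exp: 4102444800 })}.${sig}`;
```

Every route that reads claims should go through the verifying path; a single handler that uses the decode-only pattern reintroduces the flaw regardless of key strength.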