Severity: High
Administrative actions such as resolving or deleting feedback are performed directly from the client without server-side authorization checks.
Given that:
Admin authentication is already weak (Issue 2)
Firestore rules may be permissive (Issue 5)
Attackers could:
Modify feedback data
Delete records
Interfere with system moderation
Why this matters:
This compromises data integrity and administrative control. It also opens the door to abuse, such as deleting legitimate feedback or manipulating records.
What’s needed:
Server-side enforcement of admin roles
Firestore rules restricting write access to authorized users only
Optional logging for auditability
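
A sketch of the server-side enforcement and audit logging listed above, added as an illustration and not taken from the reported project. It assumes admins carry an `admin: true` custom claim on a verified ID token; `verifyIdToken`, `store` and `audit` are hypothetical injected dependencies, replaced here by constructed in-memory stand-ins.

```javascript
// Added example, not code from the reported project.
// Assumptions: admins carry an `admin: true` custom claim; verifyIdToken,
// store and audit are hypothetical injected dependencies.
const ADMIN_ACTIONS = new Set(["resolve", "delete"]);

// Pure decision: `claims` are the server-verified token claims, or null.
function authorize(claims, action, feedbackId) {
  if (!claims || typeof claims.uid !== "string") return { status: 401, reason: "unauthenticated" };
  if (claims.admin !== true) return { status: 403, reason: "not-admin" };
  if (!ADMIN_ACTIONS.has(action)) return { status: 400, reason: "unknown-action" };
  if (typeof feedbackId !== "string" || feedbackId === "") return { status: 400, reason: "bad-id" };
  return { status: 200, reason: "ok" };
}

function makeHandler({ verifyIdToken, store, audit }) {
  return async function handle({ idToken, action, feedbackId }) {
    let claims = null;
    try {
      // The role comes from the verified token, never from a client-sent field.
      claims = await verifyIdToken(idToken);
    } catch (_) { /* invalid or expired token: claims stays null */ }
    const decision = authorize(claims, action, feedbackId);
    if (decision.status === 200) {
      if (action === "resolve") await store.resolve(feedbackId, claims.uid);
      else await store.remove(feedbackId);
    }
    // Record every attempt, allowed or denied, for later review.
    audit({ uid: claims ? claims.uid : null, action, feedbackId, ...decision });
    return decision;
  };
}

// Constructed in-memory stand-ins so the example runs offline.
function demo() {
  const tokens = new Map([["tok-admin", { uid: "u1", admin: true }], ["tok-user", { uid: "u2" }]]);
  const docs = new Map([["f1", { resolved: false }], ["f2", { resolved: false }]]);
  const log = [];
  const handle = makeHandler({
    verifyIdToken: async (t) => { if (!tokens.has(t)) throw new Error("bad token"); return tokens.get(t); },
    store: {
      resolve: async (id, uid) => { const d = docs.get(id); if (d) d.resolved = uid; },
      remove: async (id) => { docs.delete(id); },
    },
    audit: (entry) => log.push(entry),
  });
  return { handle, docs, log };
}
```

The same admin check also has to be expressed in the Firestore rules, since a client that writes to the database directly never passes through this handler.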