Deleting other people's comments on ModeratorMessages
Low
V
Valve
Submitted None
Team Summary
Official summary from Valve
Due to a missing permissions check, anyone could delete a comment on a community moderator message knowing the unique comment GID and the SteamID of the message receiver. The endpoint has been corrected to verify the correct permissions.
Actions:
Reported by
creekie
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$500.00
Submitted
Weakness
Improper Authentication - Generic