Valve: Deleting other people's comments on ModeratorMessages

ID H1:357952
Type hackerone
Reporter milkgames
Modified 2019-01-23T01:11:02


Due to a missing permissions check, anyone could delete a comment on a community moderator message knowing the unique comment GID and the SteamID of the message receiver. The endpoint has been corrected to verify the correct permissions. You were able to delete others people's comments on moderator messages.