Unauthenticated users can obtain comments on private videos
Vísit the following API link where 123 is the ID of the private video:
/api/v1/videos/123/comment-threads
Response contains all the comments on that private video.
This vulnerability disclosure comments on private videos to unauthenticated users.