HackerOne: latest_activity_id and latest_activity_at may disclose information about internal activities to unauthorized users

Mini information disclosure related with team's internal comments/assign group activity id and datetime are exposed Steps: 1 As victim, Create a sandbox team and create report 2 Add attacker as a participant for the report 3 As victim, create some internal comments team -only comments /assign gro...