Message types can be edited regardless of right
Package
fosscord-server
(fosscord-server)
Affected versions
<= 69c55884e5cb3503d4319d2fa32eb0d7e593ee52
Patched versions
>= df199227f81deca5116f9ba35b0d156b25b4fc72
Description
Credits
-
SamButNotSam Reporter
Summary
Sending a PATCH request to
/api/channels/:channel_id/messages/:message_idallows users to edit the message type of their own messages.Mitigation
This has been resolved as of commit df19922. You now require the
MANAGE_MESSAGESright to perform this action.