mohamed laajimi

Published On: 27 Mar 2020

$500

page admin can't remove informations added by page editor in FBLite

Privacy/Authentication
Facebook | Android
---
LOW VALID
Description

After page editor add informations to the page (phone number,website...) the page admin can't remove informations added by the editor

Impact

page admin unable to remove informations added by page editor on FBlite




Reproduction Steps

Step
1

User1:(page admin),User2:(page editor)

Step1:open fb User2(page editor) go to the page test2 select more and select edit more info and edit website(www.exemple.com) ,phone number... ,Save the informations added and disconnect from this fb account

Step
2

Step2:open fb User1 (page admin) go to the page test2 select more and select edit more info and delete the informations added by User2(page editor) ,save and disconnect

Step
3

step3:User1(page admin) reopen his FB account and see the informations added by page editor unremovable

Timeline
.
mohamed 23 Feb 2020

I sent report

.
Facebook 25 Feb 2020

close report as not applicable

.
mohamed 25 Feb 2020

I sent more details

.
Facebook 26 Feb 2020

Managed to reproduce(pre-triaged) We've managed to reproduce your report and will get back to you once we have had a chance to investigate.

.
Facebook 08 Mar 2020

Further investigation(triaged) Thank you for reporting this information to us. We are sending it to the appropriate product team for further investigation. We will keep you upd ... See More

.
Facebook 25 Mar 2020

fixed We have looked into this issue and believe that the vulnerability has been patched. Please let us know if you believe that the patch does not res ... See More

.
Facebook 27 Mar 2020

bounty awarded

VALID






Show All Images