Saugat Pokharel

Published On: 06 Apr 2020

$500

Cannot Delete Post on Facebook Group

Privacy/Authentication
Facebook | Android
---
LOW VALID

A group member cannot remove their own unapproved post in a group with the post-approval system.

Description

In a Facebook group with the post-approval system, a member submits a post for approval. But, he cannot delete that post once submitted.

Impact

Member cannot delete their own post which is an obvious privacy issue.




Reproduction Steps

Step
1

A is a member of a group ABC where there is a post-approval system.

Step
2

A creates a post in ABC.

Step
3

He now decides to delete that post.

Step
4

When tapping on delete, it always says "something went wrong"

Videos

Timeline
.
Saugat 18 Feb 2020

Initial Report Sent Pre-Triaged

.
Facebook 02 Mar 2020

Pre-Triaged Hi Saugat, Thank you for your submission. We've managed to reproduce your report and will get back to you once we have had a chance to investig ... See More

.
Facebook 06 Mar 2020

Triaged Hi Saugat, Thank you for reporting this information to us. We are sending it to the appropriate product team for further investigation. We will ... See More

.
Facebook 02 Apr 2020

Issue Fixed and confirmation of fix Hi Saugat, We have looked into this issue and believe that the vulnerability has been patched. We will follow up regarding any bounty decisions ... See More

.
Facebook 02 Apr 2020

Bounty Rewarded After reviewing this issue, we have decided to award you a bounty of $500. Below is an explanation of the bounty amount. Facebook fulfills its bo ... See More

VALID






Show All Images