Hidden channels + descriptions leaking through API

Kommentarer

2 kommentarer

  • donovan_dmc

    This has been a thing since Discord's inception, this should be a well known thing by now

    It isn't some random route leaking data, the route to list channels doesn't filter via permissions, likely because it doesn't make sense to performance wise, thus every client always knows about every channel that exists in a guild (besides threads, those are private)

     

    Channel topics should not be used to store anything sensitive, put it in a pinned message or something

    Changing this now would be a breaking api change, and considering this has been the same way for almost a decade, I don't see it changing any time soon

    0
  • Zoya

    This indicates a data leak in the API, as admins would not expect their private channel names and descriptions to be publicly visible. Channel descriptions can link to internal documents or invite URLs with tokens in them branded earbuds.

    0

Du måste logga in om du vill lämna en kommentar.