Oh, now I see Gage's suggestion to treat it as a class A report instead. Gage, what's the scenario where an authenticated user can exploit this without access to the victim's UUID?
Oh, now I see Gage's suggestion to treat it as a class A report instead. Gage, what's the scenario where an authenticated user can exploit this without access to the victim's UUID?