Users who have rights to edit a node, can set the visibility on comments for that node.
* Advisory ID: DRUPAL-SA-CORE-2016-004
* Project: Drupal core
* Version:li 8.x
* Date: 2016-September-21
* Security risk: 18/25 ( Critical)
Users without "Administer comments" can set comment visibility on nodes they can edit.