Is unauthorised deletion an integrity or availability issue?

As pointed out in this (unanswered) question, Availability in CVSSv3 is about how well the web service performs, not whether its data is available:

While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the impacted component, this metric refers to the loss of availability of the impacted component itself, such as a networked service (e.g., web, database, email).

To answer your question: only Integrity is relevant here.


I would say it presents a clear Availability issue as the attacker is able to completely remove that specific resource and prevent other users' ability to access.

I would also say there is an Integrity issue too. The calculator defines a low score on integrity as "modification of data is possible" which I would say is certainly the case here.

To answer your question : Both. How you score depends on how important those comments are to your application.


INTEGRITY

After deletion, the resulting dataset will assert that no such comment was ever left. That assertion is in error.