A vulnerability was found where it was possible to bypass restrictions imposed on downloading a file if the valid file token was known and by accessing at its URL directly. We thank @imran_nisar for reporting this to our team.
The issue **"Users Without Permission Can Download Restricted Files"** refers to a security flaw where an application's access control fails, allowing unauthorized users to access and download files that should be protected. This vulnerability can lead to data breaches and unauthorized exposure of sensitive information, highlighting the need for robust permission management.
https://hackerone.com/reports/794904