Security issues for file in Mendix

It was detected that the file access control after users upload files to the system is bypassed. When a file is uploaded, its associated URL or path can be intercepted. By capturing this URL, any user—whether logged in or not—can directly download the file through the exposed path. This means that even if a file is meant to be private, it is accessible to anyone with the correct URL.
asked
1 answer

From the question I gather that the file is uploaded by anonymous users. If this is the case, then you can implement something to copy the file to a secured entity that inherits from System.FileDocument and remove the file, so that the original file path is no longer useful and the file is secured.

If this is not the case you'll need to review your security settings in the domain model.

answered
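The copy-then-delete approach from the answer, sketched as a helper that a Mendix Java action could call. This is an added example, not code from the thread; the class name `SecureFileMover` and the entity `MyModule.SecuredDocument` are hypothetical, and it assumes that entity is a specialization of System.FileDocument whose access rules give the anonymous role no read access.

```java
import com.mendix.core.Core;
import com.mendix.core.CoreException;
import com.mendix.systemwideinterfaces.core.IContext;
import com.mendix.systemwideinterfaces.core.IMendixObject;
import java.io.IOException;
import java.io.InputStream;

public final class SecureFileMover {
    // Hypothetical entity name: a System.FileDocument specialization with
    // restrictive access rules (no read access for the anonymous user role).
    private static final String SECURED_ENTITY = "MyModule.SecuredDocument";

    private SecureFileMover() {}

    /**
     * Copies the contents of an uploaded file document into a new secured
     * document, then deletes the original so its old reference stops resolving.
     * Returns the committed secured document.
     */
    public static IMendixObject moveToSecured(IContext userContext, IMendixObject uploaded)
            throws CoreException, IOException {
        if (uploaded == null
                || !Core.isSubClassOf("System.FileDocument", uploaded.getType())) {
            throw new IllegalArgumentException("Expected a System.FileDocument specialization");
        }
        // Refuse empty uploads instead of creating an empty secured record.
        if (!Boolean.TRUE.equals(uploaded.getValue(userContext, "HasContents"))) {
            throw new IllegalStateException("Uploaded document has no contents");
        }
        String name = uploaded.getValue(userContext, "Name");

        // Assumption: the uploader (possibly anonymous) has no rights on the
        // secured entity, so the copy and delete run in a system context.
        IContext sys = Core.createSystemContext();
        IMendixObject secured = Core.instantiate(sys, SECURED_ENTITY);

        try (InputStream in = Core.getFileDocumentContent(sys, uploaded)) {
            // Stores the bytes and commits the new file document.
            Core.storeFileDocumentContent(sys, secured, name, in);
        }

        // Delete only after the copy succeeded; an exception above leaves
        // the original in place so no upload is lost.
        Core.delete(sys, uploaded);
        return secured;
    }
}
```

The secured copy is only as private as the access rules on the target entity, so the domain model review mentioned in the answer still applies to it.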