We see a security issue which leaks an auth token: When you preview a
PDF file a GET request is executed (see network tab in Browser dev
tools) for _layouts/15/download.aspx which includes a query param
tempauth, which contains a JWT. Anybody who captures the URL can get
access to that document for ...
Latest Comments