Name of the Vulnerable Software and Affected Versions: platform.sh (affected versions not specified)

Description: The default configuration of platform.sh allows unauthorized access to uploaded files if their location is known or guessed, regardless of content read access permissions. Additionally, when using Legacy Bridge, certain legacy files that should not be readable, such as the legacy var directory and extension directories, are also accessible.

Recommendations: For all affected versions, consider updating the .platform.app.yaml configuration to restrict access to uploaded files and legacy directories. As a temporary workaround, restrict access to sensitive files and directories until a proper configuration update can be applied. Avoid using the default configuration for Legacy Bridge to minimize the risk of unauthorized access to legacy files.