Name of the Vulnerable Software and Affected Versions: platform.sh (affected versions not specified)

Description: The default configuration of platform.sh, as defined in .platform.app.yaml, allows unauthorized access to uploaded files if their location is known or guessed, regardless of the content read access granted by roles. Additionally, for users of Legacy Bridge, the default configuration inadvertently exposes certain legacy files, including the legacy var directory and extension directories, which should not be readable.

Recommendations: For all affected versions, consider updating the .platform.app.yaml configuration to restrict access to uploaded files and legacy directories, ensuring that only authorized roles can access sensitive content. As a temporary workaround, restrict access to the legacy var directory and extension directories to minimize the risk of exploitation. Review and adjust the role-based access controls to ensure they align with the intended security permissions for content read access.