Low · CVSS 3.2 · Improper Access Control - Generic (CWE-284)
Can download files on Android app without permission
Vulnerability Summary
HackerOne disclosed report --> https://hackerone.com/reports/2380133 by hakuna
Summary:
If the owner of a file (a PDF, document, image or presentation) shares it with a user and disables download, the user can still download it using the Android app.