Dropbox: Disclose anonymous accessible link on embedded files in paper dropbox sessions

ID H1:462173
Type hackerone
Reporter karlito
Modified 2019-01-15T08:22:46


This report described some of the behavior of the integration between Dropbox and Dropbox Paper. In particular, when embedding a Dropbox file into Dropbox Paper, this implicitly creates a link to that file (see https://www.dropbox.com/help/files-folders/view-only-access) and embeds it within the document. This behavior matches that of the Dropbox Chooser (https://www.dropbox.com/developers/chooser), and is by design.