Basecamp: Unauthenticated access to private files on app.fizzy.do via Active Storage URLs leads to information disclosure

A vulnerability was discovered where unauthenticated users could access private files and file previews on the application through Active Storage URLs. This vulnerability allowed information disclosure, as the files and previews could be accessed without any authentication or authorization checks...