HackerOne: Attachment object in GraphQL continues to grant access to files, even if they are removed from rendering

Summary: Hi team, Our team noticed that youprogram can attach files to the policy page. These files can be anything, images, text, archive, etc.In other words, these files may or may not contain sensitive information. Our team believes that the data that can be attached in different vectors is hi...