Pdftron doesn’t provide any native mechanism to ensure that rendered documents cannot be opened by someone else than the user supposed to access the rendered document. We had to implement our own additional layer of security to check for the current user session and determine if the URLs can be opened or not.
Risk level: High
Fix: Upgrade to version 126.96.36.199 or later.
We thank Michael Newton <email@example.com> for responsible disclosure.
Date issued: 2022-08