[HIGH] Any storage file can be downloaded from p.sh if full server path is known

PKSA-hjqh-8592-3fbp GHSA-gqcf-83rq-gpfr

Affected package: ibexa/post-install

Affected version: <=1.0.4

Reported by:
GitHub