An issue in S3Browswer v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to obtain sensitive information via the S3 compatible storage component.
Missing SSL certificate validation
S3Browser - Versions 11.4.5 and 10.9.9 for sure. Older versions are not downloadable but are probably vulnerable too. Issue fixed in 11.5.7