Access to images and videos in drafts on LINE BLOG

On LINE BLOG, sequential ID is assigned to each image/video when uploaded, and the ID is converted to actual URL on preview/publish. Due to the bug in the attachment ownership verification process, it could be possible for an attacker to view unpublished images/videos in other users' drafts by modifying the attachment ID in the request sent to preview feature API.