The Image module allows you to define and configure image fields. The module doesn't sufficiently check access to image style derivatives when those files are served via a file stream other than private://. This vulnerability is mitigated by the fact that Drupal must be configured to use a contributed (non-core) file scheme to serve private derived images. Information disclosure issues like this one are not generally given security advisories (as described in PSA-2023-07-12)). This fix is provided as a hardening. Contributed modules implementing custom stream wrappers may need to add similar hardenings.