Cloudinary offers multiple upload methods, some of them are server-side signed uploads and some are client-side unsigned uploads.
When using unsigned upload, one security consideration to take into account is that if the upload preset name is known to someone who isn't part of the internal team then it can be used with a different Cloudinary account to have assets uploaded to the original account.
Note that in any case, using the preset doesn't give anyone permission to edit, override, delete, or do any harm to your own content.
In case a preset name was compromised the below actions can be taken to ensure the account is safe again:
- Changing the upload preset name to a new one.
- Remove any uploads which do not originally belong to the account
- Move to signed uploads instead of unsigned ones.