Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.Referenceshttps://hackerone.com/reports/916704https://nextcloud.com/security/advisory/?id=NC-SA-2020-036
