Outline · Outline · CVE-2026-41649
**Name of the Vulnerable Software and Affected Versions**
Outline versions 0.86.0 through 1.6.9
**Description**
An insecure direct object reference exists in the `shares.create` API endpoint. When both `collectionId` and `documentId` are provided in a request, the authorization logic verifies access to the collection but ignores the document. This allows an authenticated attacker to generate a valid public share link for any document on the platform, including those from other workspaces. The full contents of the document can subsequently be retrieved via the `documents.info` endpoint.
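The flawed check described above, modelled beside one hardened form, as an added example that is not Outline's code. The data model, the function names (`authorizeShareFlawed`, `authorizeShareHardened`) and the sample records are assumptions constructed for illustration, and the hardened version is one possible fix, not necessarily the change shipped in 1.7.0.

```javascript
// Constructed in-memory records (hypothetical, not Outline's schema).
const collections = {
  "col-a": { teamId: "team-a", members: ["alice"] },
};
const documents = {
  "doc-a": { teamId: "team-a", collectionId: "col-a" },
  "doc-b": { teamId: "team-b", collectionId: "col-b" }, // other workspace
};
const alice = { id: "alice", teamId: "team-a" };

function canReadCollection(user, collection) {
  return Boolean(collection) &&
    collection.teamId === user.teamId &&
    collection.members.includes(user.id);
}

function canReadDocument(user, doc) {
  return Boolean(doc) &&
    doc.teamId === user.teamId &&
    canReadCollection(user, collections[doc.collectionId]);
}

// Flawed pattern: once collectionId is present, the collection decision is
// returned and documentId is never authorized.
function authorizeShareFlawed(user, { collectionId, documentId }) {
  if (collectionId) return canReadCollection(user, collections[collectionId]);
  if (documentId) return canReadDocument(user, documents[documentId]);
  return false;
}

// Hardened form: every object the request references is authorized, and a
// document supplied with a collection must actually belong to it.
function authorizeShareHardened(user, { collectionId, documentId }) {
  if (!collectionId && !documentId) return false;
  if (collectionId && !canReadCollection(user, collections[collectionId])) {
    return false;
  }
  if (documentId) {
    const doc = documents[documentId];
    if (!canReadDocument(user, doc)) return false;
    if (collectionId && doc.collectionId !== collectionId) return false;
  }
  return true;
}
```

A regression test for this class of bug should always include the mixed case: a collection the caller can read paired with a document they cannot.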
**Recommendations**
Update to version 1.7.0.