User files in the server is disclosed while the screen is locked when someone called.
[add details for how we can reproduce the issue]
1.) Make 2 Accounts, Lets call them Account A and Account B
2.) Using Account A login to (https://nextcloud/apps/spreed/)
3.) Using Account B login to NextCloud Talk App in your Phone and Lock the Screen
4.) Using Account A call Account B
5.) Using Account B accept the call and click the Message or SMS icon in the bottom left
6.) Attach a file and Press share from your nextcloud server
7.) You can see the user files
[list any additional material (e.g. screenshots, logs, etc.)]
āāāā
A malicious attacker can see the user files by calling the phone while the screen is locked.