Due to using the auto-incrementing file_id
instead of the random generated token
to access files in the documents app an authenticated users could enumerate shared files of other users.
For more information please consult the official advisory.
This advisory is licensed CC BY-SA 4.0