Improper access control in Nextcloud Deck 0.8.0 allowed an malicious user to reshare boards shared with them with more permissions than they had themselves.
nextcloud deck 0.8.0