A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares.
@maintainer(s), the fix is in 14.0.0-14.0.3. We can clean the previous versions. Michael Boyle Gentoo Security Padawan
OK there was a round of advisories, like https://nextcloud.com/security/advisory/?id=NC-SA-2018-010 also affecting 12.x and 13.x I cleaned all previous versions (except last releases): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1dbd46d1641947919326bb7f29bcd2fff423e20c