Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document resto…

Outline collaborative documentation service contains an Insecure Direct Object Reference (IDOR) vulnerability in versions prior to 1.4.0. The flaw exists in the document restoration logic, allowing any team member to unauthorized restore, view, and seize ownership of deleted drafts belonging to other users, including administrators. Attackers can bypass ownership validation during the restore process to access sensitive private information and lock original owners out of their content. The vulnerability has been fixed in version 1.4.0.