Nextcloud Server before version 21.0.2 sends user IDs to the lookup server even if the user has no fields set to be published.
Nextcloud Server before version 21.0.2 sends user IDs to the lookup server even if the user has no fields set to be published.
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-396j-vqpr-qg45 https://hackerone.com/reports/1173436