Hi again,
So this seems to be less bad these days as the trusted servers are no longer enabled by default (however they were some versions ago).
The trusted servers exchanged the full user list with another server. As soon as 1 federated share is created between two instances. It is questionable if this is something that should be allowed by 1 federated share on corporate systems. But maybe this is more of a community feature?
But back to the issue at hand. If trusted servers are enabled.
Then a single public link share can expose the whole system address book to an attacker. To take again the example of cloud.nextcloud.com
This happens because the federated share is created. And thus the trusted server logic kicks in.
If a system has the “Add server automatically once a federated share was created successfully” enabled.
Then if there is a public link circulating an attacker can obtain the shared info from all users on the system
This can contain
Possibly more but I did not check.
If this is part of the expected behavior. Then I feel this should be communicated a lot more clear when an admin tries to enable this.