All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. The vulnerability exists in the parameter βpathβ passing β/SHARED/<username>β. A malicious actor could identify the existence of users by requesting share information on specified share paths.