Maybe it’s already known! In version-12, a user can find out the mail addresses of the others without any rights or other group affiliation! This is bad if a threat from the inside should be enough, the one now needs only the passwords! You can hide it or even turn it off! At least setting the only the administrator can see the mail addresses would be very happy about help! I thank you and wish you a nice Friday
If this is new in the upgrade to NC 12, please open a bug report on github.com/nextcloud/server/issues.