Users API Shows Data to Students




 
Users API Shows Data to Students

Date Published: Feb 21,2019 Category: Planned_First_Fix_Release:Functioning_as_Designed; Product:Users_and_Role_Management_Learn,Authentication_and_Security_Learn,Application_and_Webserver_Learn; Version:Learn_9_1_Q4_2017,Learn_9_1_Q2_2018,Learn_9_1_Q4_2018,Learn_9_1_Q2_2019,SaaS   Article No.: 000050249

Product: Blackboard Learn

Release: 9.1;SaaS

Service Pack(s): Learn 9.1 Q4 2017 (3300.0.0), Learn 9.1 Q2 2018 (3400.0.0), Learn 9.1 Q4 2018 (3500.0.0), Learn 9.1 Q2 2019 (3700.0.0), SaaS

Issue Description: The Users API exposes User attributes for authenticated non-privileged Users such as Students.

Steps to Replicate:

  1. Log into Blackboard Learn as a Student
  2. Access the Users API
    • .../learn/api/public/v1/users
Expected Behavior:
User information is not listed

Observed Behavior:
User information is listed

 




Target Release: Functioning as Designed
Patch Available: No