Description
A security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students (by email) in batches.
Mitigation
This issue has been fixed, student list is now only returned to users who can create batches (Moderator / Batch Evaluator roles). All other users receive an empty list.
Acknowledgement
This issue was reported by @filime
Description
A security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students (by email) in batches.
Mitigation
This issue has been fixed, student list is now only returned to users who can create batches (Moderator / Batch Evaluator roles). All other users receive an empty list.
Acknowledgement
This issue was reported by @filime