Lucene search
GoogleOSV:BIT-CANVASLMS-2021-36539HistoryJan 31, 2024 - 3:12 p.m.
BIT-canvaslms-2021-36539
2024-01-3115:12:08
Google
osv.dev
7
instructure canvas lms
denial of access
locked files
unpublished files
unprivileged user
docviewer
software vulnerability
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
32.5%
Instructure Canvas LMS didn’t properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).
| CPE | Name | Operator | Version |
|---|---|---|---|
| canvaslms | lt | 2022-10-15.0.0 |
Related
cve
cve
CVE-2021-36539
2023-01-26 21:15:23
prion
prion
Design/Logic Flaw
2023-01-26 21:15:00
cvelist
cvelist
CVE-2021-36539
2023-01-26 00:00:00
nvd
nvd
CVE-2021-36539
2023-01-26 21:15:23
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
32.5%
Related for OSV:BIT-CANVASLMS-2021-36539