6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.5%
Instructure Canvas LMS didn’t properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).
github.com/gaukas/instructure-canvas-file-oracle
github.com/instructure/canvas-lms/issues/1905