2 matches found
CVE-2021-36539
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL canvadocsessionurl...
CVE-2021-36539
CVE-2021-36539 affects Instructure Canvas LMS. The issue is improper access control where unprivileged users can access locked/unpublished files via the DocViewer-based file preview URL (canvadoc_session_url). Root cause: inadequate denial of access for document previews. Impact: information disc...