What Is the Instructure Canvas Breach? Impact, Risks, and What Institutions Should Do

The Instructure Canvas breach affects universities, K–12 school districts, and teaching hospitals globally. This blog entry intends to provide context and practical guidance...

ShinyHunters’ Instructure Canvas LMS and Vimeo Breaches Impact Millions of Users

ShinyHunters breached Instructure and Vimeo, exposing millions of student and user records through direct and supply chain attacks...

Millions of students’ personal data stolen in major education breach

Instructure, the company behind the Canvas learning management system LMS, confirmed a cyber incident and subsequent data breach affecting its cloud‑hosted environment. The ShinyHunters ransomware group claims it is behind the attack and says it stole roughly 275 million records tied to students,...

CVE-2021-36539

Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL canvadocsessionurl...

BIT-CANVASLMS-2021-36539

Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL canvadocsessionurl...

CVE-2021-36539

Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL canvadocsessionurl...

Design/Logic Flaw

Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL canvadocsessionurl...

CVE-2021-36539

Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL canvadocsessionurl...

CVE-2021-36539

CVE-2021-36539 affects Instructure Canvas LMS. The issue is improper access control where unprivileged users can access locked/unpublished files via the DocViewer-based file preview URL (canvadoc_session_url). Root cause: inadequate denial of access for document previews. Impact: information disc...

WordPress MOLIE – Instructure Canvas Linking tool plugin <= 0.5 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by Jeremie Amsellem in WordPress MOLIE – Instructure Canvas Linking tool plugin versions = 0.5. Solution Deactivate and delete. This plugin has been closed as of November 29, 2021 and is not available for download. Reason: Security Issue...