2 matches found
CVE-2020-5775
Canvas LMS 2020-07-29 is exposed to a blind Server-Side Request Forgery (SSRF) that allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains. The vulnerability potentially enables access to sensitive information, data modification...
CVE-2021-36539
CVE-2021-36539 affects Instructure Canvas LMS. The issue is improper access control where unprivileged users can access locked/unpublished files via the DocViewer-based file preview URL (canvadoc_session_url). Root cause: inadequate denial of access for document previews. Impact: information disc...