CVE-2021-36539
CVE-2021-36539 affects Instructure Canvas LMS. The issue is improper access control where unprivileged users can access locked/unpublished files via the DocViewer-based file preview URL (canvadoc_session_url). Root cause: inadequate denial of access for document previews. Impact: information disc...