CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-36539

Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.2%

CVSS Severity

CVSS v3 Score 6.5

References

https://github.com/gaukas/instructure-canvas-file-oracle
https://github.com/instructure/canvas-lms/issues/1905
https://github.com/gaukas/instructure-canvas-file-oracle
https://github.com/instructure/canvas-lms/issues/1905

Products affected by CVE-2021-36539

Instructure » Canvas Learning Management Service » Version: 2020-07-29

cpe:2.3:a:instructure:canvas_learning_management_service:2020-07-29

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-36539

Products

Pricing

Contact Us