Instructure: >> Canvas Learning Management Service Security Vulnerabilities
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).
CVSS Score
6.5
EPSS Score
0.002
Published
2023-01-26
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.
CVSS Score
5.8
EPSS Score
0.593
Published
2020-08-21