CVE-2021-36539

CVE-2021-36539

EPSS 0.9%

Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/gaukas/instructure-canvas-file-oracle https://github.com/instructure/canvas-lms/issues/1905