CVE-2021-36539

CVE-2021-36539

EPSS 0.9%

Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/gaukas/instructure-canvas-file-oracle https://github.com/instructure/canvas-lms/issues/1905