Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown

CVE-2021-36539

Disclosure Date: January 26, 2023 (last updated October 08, 2023)
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-5775 — Server-Side Request Forgery in Canvas LMS

Disclosure Date: August 21, 2020 (last updated February 22, 2025)
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0