CVE-2021-36539

Published: Jan 26, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).

Affected (1)

Products: Instructure: Canvas Learning Management Service

Instructure

1 product

Canvas Learning Management Service

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Instructure Canvas Learning Management Service	Before 2022-10-15

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (4)

https://github.com/gaukas/instructure-canvas-file-oracle

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/instructure/canvas-lms/issues/1905

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/gaukas/instructure-canvas-file-oracle

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/instructure/canvas-lms/issues/1905

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.