
Canvas Learning Management Service

canvas_learning_management_service

Vendor: Instructure • 2 CVEs

CVEs (2)

Vendors: 1 (Instructure)
Products: 1 (Canvas Learning Management Service)
Updated: Nov 21, 2024
Published: Jan 26, 2023
CVSS: N/A (v4) · 6.5 MEDIUM (v3) · N/A (v2)
Description: Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user accesses the DocViewer-based file preview URL (canvadoc_session_url).

Vendors: 1 (Instructure)
Products: 1 (Canvas Learning Management Service)
Updated: Nov 21, 2024
Published: Aug 21, 2020
CVSS: N/A (v4) · 5.8 MEDIUM (v3) · 5.0 MEDIUM (v2)
Description: Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.