Описание
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.
Ссылки
- ExploitPatchThird Party Advisory
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:instructure:canvas_learning_management_service:2020-07-29:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.70759
Высокий
5.8 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-918
Связанные уязвимости
github
больше 3 лет назад
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.
EPSS
Процентиль: 99%
0.70759
Высокий
5.8 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-918