Описание
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2022-10-15 (исключая)
cpe:2.3:a:instructure:canvas_learning_management_service:*:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.00265
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-639
Связанные уязвимости
CVSS3: 6.5
github
около 3 лет назад
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).
EPSS
Процентиль: 50%
0.00265
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-639