Instructure Canvas Learning Management Service vulnerabilities
2 known vulnerabilities affecting instructure/canvas_learning_management_service.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2020-5775P2MEDIUMCVSS 5.8ExploitedPoCv2020-07-292020-08-21
CVE-2020-5775 [MEDIUM] CWE-918 CVE-2020-5775: Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to ca
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.
nvd
CVE-2021-36539P3MEDIUMCVSS 6.5fixed in 2022-10-152023-01-26
CVE-2021-36539 [MEDIUM] CWE-639 CVE-2021-36539: Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).
nvd