Vulnerabilities (CVE)

Filtered by vendor Instructure Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-36539 1 Instructure 1 Canvas Learning Management Service 2024-11-21 N/A 6.5 MEDIUM
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).
CVE-2020-5775 1 Instructure 1 Canvas Learning Management Service 2024-11-21 5.0 MEDIUM 5.8 MEDIUM
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.