Filtered by vendor Instructure Subscriptions
Filtered by product Canvas Learning Management Service Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-5775 1 Instructure 1 Canvas Learning Management Service 2024-08-04 5.8 Medium
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.
CVE-2021-36539 1 Instructure 1 Canvas Learning Management Service 2024-08-04 6.5 Medium
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).