gaukas/instructure-canvas-file-oracle
GitHub
Releases0
Stars1
Gain access to any uploaded files in your class via DocViewer using an exploitation in Canvas API v1.
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 6.5 MEDIUM | — | ||
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url). | |||