Vulnerabilities > CVE-2020-5775 - Server-Side Request Forgery (SSRF) vulnerability in Instructure Canvas Learning Management Service 20200729

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

instructure

CWE-918

NVD

Published: 2020-08-21

Updated: 2020-08-26

Summary

Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.

Vulnerable Configurations

Part	Description	Count
Application	Instructure Instructure Canvas Learning Management Service 2020-07-29	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://www.tenable.com/security/research/tra-2020-49