Vulnerabilities > Instructure

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-26	CVE-2021-36539	Authorization Bypass Through User-Controlled Key vulnerability in Instructure Canvas Learning Management Service 20200729 Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url). network low complexity instructure CWE-639	6.5
2020-08-21	CVE-2020-5775	Server-Side Request Forgery (SSRF) vulnerability in Instructure Canvas Learning Management Service 20200729 Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains. network low complexity instructure CWE-918	5.8

Vulnerabilities > Instructure {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Instructure"}]}