Security Advisory

CVE-2021-36539

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-01-26 00:00:00
Last updated 2024-08-04 00:54:51
Assigner mitre
State PUBLISHED

Description

Instructure Canvas LMS didnt properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).