Security Advisory
CVE-2021-36539
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Instructure Canvas LMS didnt properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).