CVE-2021-36539

Publication date

2023-01-26 00:00:00

Family

mitre

State

PUBLISHED

Description

Instructure Canvas LMS did not properly deny access to locked/unpublished files when an unprivileged user accessed the DocViewer-based file preview URL (canvadoc_session_url).