2012-10-15 Instructure Advisory IAC85286 - XSS Attack Vulnerability

Document created by jordan@instructure.com on Sep 22, 2015Last modified by Renee Carney on Sep 22, 2015
Version 2Show Document
  • View in full screen mode

    SECURITY UPDATE

Canvas + Logo transparent (WHITE)- 300px.png

 

  Release Date:2012-10-15  (Last update can be found below the document title)
  Description:XSS Attack Vulnerability
  Criticality Level:Moderately Critical ( Less Critical < Critical < Moderately Critical < Highly Critical )
  Impact:
  • Exposure of Sensitive Information
  • Cross Site Scripting
  Systems Affected:Canvas LMS
  Solution Status:Patched
  Discovered By:Kamil Sevi  @kamilsevi
  Relevant Changesets:

https://github.com/instructure/canvas-lms/commit/a9720f5602aa654d059f4f3c7badeaef5da1f79c


 

Summary:

A cross-site scripting vulnerability was reported by a third party. This vulnerability could potentially allow an attacker to steal the private information of a user logged in to Canvas.

 

Status:

Fixed in Canvas Cloud. Users of Canvas CV are encouraged to either update to the most recent stable code or apply the patch manually.

 

 


Attachments

    Outcomes