|Release Date:||2014-05-01 (Last update can be found below the document title)|
|Description:||Cross Account Login Creation|
|Criticality Level:||Moderately Critical ( Less Critical < Critical < Moderately Critical < Highly Critical )|
|Impact:||Exposure of Sensitive Data|
|Systems Affected:||Canvas LMS|
|Discovered By:||Internal Audit|
A bug in permissions checking could allow a malicious user to create logins in accounts that they wouldn't normally be allowed to. This could allow access to basic account information, depending on authentication settings.
Fixed in Canvas Cloud. Users of Canvas CV are encouraged to either update to the most recent stable code or apply the patch manually.