|Release Date:||2014-06-05 (Last update can be found below the document title)|
|Description:||Course Copy Exploit|
|Criticality Level:||Moderately Critical ( Less Critical < Critical < Moderately Critical < Highly Critical )|
|Systems Affected:||Canvas LMS|
|Discovered By:||Internal Audit|
A bug in permissions checking could allow a malicious user to initiate a course copy using a source course they do not normally have access to. This could allow access to course content that the user would not normally see.
Fixed in Canvas Cloud. Users of Canvas CV are encouraged to either update to the most recent stable code or apply the patch manually.